CVE-2017-6326

CRITICAL

Symantec Messaging Gateway < 10.6.3 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-6326. PoCs published by Mehmet Ince, including the Metasploit module exploits/linux/http/symantec_messaging_gateway_exec.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in Symantec Messaging Gateway by leveraging an authenticated endpoint to execute arbitrary commands as root. It bypasses input validation by encoding the payload in hex and using Perl's ${IFS} technique to avoid blacklisted characters.

Description

The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Mehmet Ince · ruby · remote · python
https://www.exploit-db.com/exploits/42251

This Metasploit module exploits a command injection vulnerability in Symantec Messaging Gateway by leveraging an authenticated endpoint to execute arbitrary commands as root. It bypasses input validation by encoding the payload in hex and using Perl's ${IFS} technique to avoid blacklisted characters.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Symantec Messaging Gateway 10.6.2-7
Auth required
Prerequisites: Valid credentials for Symantec Messaging Gateway · Access to an SSH server controlled by the attacker
devstral-2 · analyzed Feb 18, 2026

metasploit WORKING POC EXCELLENT
by Mehmet Ince · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/symantec_messaging_gateway_exec.rb

This Metasploit module exploits a command injection vulnerability in Symantec Messaging Gateway by leveraging authenticated access to execute arbitrary commands via the backupNow.do endpoint. It uses a Perl payload to bypass character restrictions and deliver a Python-based Meterpreter reverse shell.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Symantec Messaging Gateway 10.6.2-7
Auth required
Prerequisites: Valid credentials for Symantec Messaging Gateway · Access to an SSH server for payload delivery
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038785
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42251/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98893

Scores

CVSS v3 10.0
EPSS 0.7276
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

Status published
Products (2)
symantec/messaging_gateway < 10.6.3
Symantec Corporation/Messaging Gateway All versions prior to version 10.6.3
Published Jun 26, 2017
Tracked Since Feb 18, 2026