CVE-2021-30648
CRITICAL
Symantec ProxySG 6.5-<6.5.10.16 and Advanced Secure Gateway 6.6-<6.7.4.17 - Unauthenticated Authentication Bypass
Title source: llm
Description
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shut down/restart the appliance.
References (1)
Vendor Advisory x_refsource_misc
https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331
Scores
CVSS v3
9.8
EPSS
0.0049
EPSS Percentile
65.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (8)
broadcom/symantec_advanced_secure_gateway_500-10_firmware
6.6 - 6.7.4.17
broadcom/symantec_advanced_secure_gateway_s200-30_firmware
6.6 - 6.7.4.17
broadcom/symantec_advanced_secure_gateway_s200-40_firmware
6.6 - 6.7.4.17
broadcom/symantec_advanced_secure_gateway_s400-20_firmware
6.6 - 6.7.4.17
broadcom/symantec_advanced_secure_gateway_s400-30_firmware
6.6 - 6.7.4.17
broadcom/symantec_advanced_secure_gateway_s400-40_firmware
6.6 - 6.7.4.17
broadcom/symantec_advanced_secure_gateway_s500-20_firmware
6.6 - 6.7.4.17
broadcom/symantec_proxysg
6.5 - 6.5.10.16
Published
Jun 30, 2021
Tracked Since
Feb 18, 2026