Vulnerability Description
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Advanced Secure Gateway | >= 6.6, < 6.6.5.14 |
| Broadcom | Symantec Proxysg | >= 6.5, < 6.5.10.8 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103685Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040757Third Party AdvisoryVDB Entry
- https://www.symantec.com/security-center/network-protection-security-advisories/Vendor Advisory
- http://www.securityfocus.com/bid/103685Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040757Third Party AdvisoryVDB Entry
- https://www.symantec.com/security-center/network-protection-security-advisories/Vendor Advisory
FAQ
What is CVE-2016-10258?
CVE-2016-10258 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the ma...
How severe is CVE-2016-10258?
CVE-2016-10258 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-10258?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Advanced Secure Gateway, Broadcom Symantec Proxysg.