Vulnerability Description
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.
CVSS Score
7.8
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Messaging Gateway | 10.6.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/136758/Symantec-Brightmail-10.6.0-7-LDAP-CrExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/86137ExploitThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1035609Third Party AdvisoryVDB Entry
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securitVendor Advisory
- https://www.exploit-db.com/exploits/39715/ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/136758/Symantec-Brightmail-10.6.0-7-LDAP-CrExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/86137ExploitThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1035609Third Party AdvisoryVDB Entry
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securitVendor Advisory
- https://www.exploit-db.com/exploits/39715/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2016-2203?
CVE-2016-2203 is a vulnerability with a CVSS score of 7.8 (HIGH). The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.
How severe is CVE-2016-2203?
CVE-2016-2203 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-2203?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Messaging Gateway.