CVE-2021-46825 — CRITICAL (9.1)

Vulnerability Description

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Broadcom	Advanced Secure Gateway	6.7
Broadcom	Proxysg	6.7

Related Weaknesses (CWE)

CWE-444

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/conVendor Advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/conVendor Advisory

FAQ

What is CVE-2021-46825?

CVE-2021-46825 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the ...

How severe is CVE-2021-46825?

CVE-2021-46825 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-46825?

Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Advanced Secure Gateway, Broadcom Proxysg.