CVE-2016-10258

Summary

Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.

Affected Software

VendorProductVersion RangeStatus
Symantec CorporationAdvanced Secure Gateway (ASG)6.6 prior to 6.6.5.14affected
Symantec CorporationAdvanced Secure Gateway (ASG)6.7 prior to 6.7.3.1affected
Symantec CorporationProxySG6.5 prior to 6.5.10.8affected
Symantec CorporationProxySG6.6 prior to 6.6.5.14affected
Symantec CorporationProxySG6.7 prior to 6.7.3.1affected

Weaknesses

  • Unrestricted file upload

ADP Enrichment

CVE Program Container

Additional References

References