CVE-2018-18370

Summary

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.

Affected Software

VendorProductVersion RangeStatus
Symantec CorporationSymantec Advanced Secure Gateway (ASG)6.6 and 6.7 prior to 6.7.4.2affected
Symantec CorporationSymantec ProxySG6.5 prior to 6.5.10.15affected
Symantec CorporationSymantec ProxySG6.6affected
Symantec CorporationSymantec ProxySG6.7 prior to 6.7.4.2affected

Weaknesses

  • Cross-site-scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References