CVE-2018-18371

Summary

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.

Affected Software

VendorProductVersion RangeStatus
Symantec CorporationSymantec Advanced Secure Gateway (ASG)6.6 and 6.7 prior to 6.7.4.2affected
Symantec CorporationSymantec ProxySG6.5 prior to 6.5.10.15affected
Symantec CorporationSymantec ProxySG6.6affected
Symantec CorporationSymantec ProxySG6.7 prior to 6.7.4.2affected

Weaknesses

  • Information disclosure

ADP Enrichment

CVE Program Container

Additional References

References