Details of VAR-201308-0346

ID

VAR-201308-0346

CVE

CVE-2013-4673

TITLE

Symantec Web Gateway Appliance management console arbitrary code execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-003623

DESCRIPTION

The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by leveraging access to the login prompt. Successful exploits will result in the execution of arbitrary commands in the context of the affected appliance. Versions prior to Symantec Web Gateway 5.1.1 are vulnerable. Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more. There is a vulnerability in the management console of SWG Appliance versions earlier than 5.1. The vulnerability is caused by the program not implementing RADIUS authentication correctly

Trust: 1.98

sources: NVD: CVE-2013-4673 // JVNDB: JVNDB-2013-003623 // BID: 61105 // VULHUB: VHN-64675

AFFECTED PRODUCTS

vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0.3.18	Trust: 1.6
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0.3	Trust: 1.6
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0	Trust: 1.6
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0.1	Trust: 1.6
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0.2	Trust: 1.6
vendor:	symantec	model:	web gateway appliance 8450	scope:	eq	version:	-	Trust: 1.0
vendor:	symantec	model:	web gateway	scope:	lte	version:	5.1	Trust: 1.0
vendor:	symantec	model:	web gateway appliance 8490	scope:	eq	version:	-	Trust: 1.0
vendor:	symantec	model:	web gateway	scope:	lt	version:	5.1.1	Trust: 0.8
vendor:	symantec	model:	web gateway the appliance 8450	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	web gateway the appliance 8490	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.1	Trust: 0.6

sources: JVNDB: JVNDB-2013-003623 // CNNVD: CNNVD-201307-620 // NVD: CVE-2013-4673

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-4673
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-4673
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201307-620
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-64675
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-4673
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-64675
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-64675 // JVNDB: JVNDB-2013-003623 // CNNVD: CNNVD-201307-620 // NVD: CVE-2013-4673

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-64675 // JVNDB: JVNDB-2013-003623 // NVD: CVE-2013-4673

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201307-620

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201307-620

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003623

PATCH

title:	SYM13-008	url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00	Trust: 0.8
title:	SYM13-008	url:	http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00	Trust: 0.8

sources: JVNDB: JVNDB-2013-003623

EXTERNAL IDS

db:	NVD	id:	CVE-2013-4673	Trust: 2.8
db:	BID	id:	61105	Trust: 2.0
db:	OSVDB	id:	95702	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-003623	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-620	Trust: 0.7
db:	VULHUB	id:	VHN-64675	Trust: 0.1

sources: VULHUB: VHN-64675 // BID: 61105 // JVNDB: JVNDB-2013-003623 // CNNVD: CNNVD-201307-620 // NVD: CVE-2013-4673

REFERENCES

url:	http://www.securityfocus.com/bid/61105	Trust: 1.7
url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00	Trust: 1.6
url:	http://osvdb.org/95702	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/85990	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4673	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4673	Trust: 0.8
url:	http://www.symantec.com/business/web-gateway	Trust: 0.3
url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00	Trust: 0.1

sources: VULHUB: VHN-64675 // BID: 61105 // JVNDB: JVNDB-2013-003623 // CNNVD: CNNVD-201307-620 // NVD: CVE-2013-4673

CREDITS

Offensive Security

Trust: 0.9

sources: BID: 61105 // CNNVD: CNNVD-201307-620

SOURCES

db:	VULHUB	id:	VHN-64675
db:	BID	id:	61105
db:	JVNDB	id:	JVNDB-2013-003623
db:	CNNVD	id:	CNNVD-201307-620
db:	NVD	id:	CVE-2013-4673

LAST UPDATE DATE

2025-04-11T23:19:27.950000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-64675	date:	2017-11-18T00:00:00
db:	BID	id:	61105	date:	2013-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-003623	date:	2013-08-02T00:00:00
db:	CNNVD	id:	CNNVD-201307-620	date:	2013-08-06T00:00:00
db:	NVD	id:	CVE-2013-4673	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-64675	date:	2013-08-01T00:00:00
db:	BID	id:	61105	date:	2013-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-003623	date:	2013-08-02T00:00:00
db:	CNNVD	id:	CNNVD-201307-620	date:	2013-07-31T00:00:00
db:	NVD	id:	CVE-2013-4673	date:	2013-08-01T13:32:21.410