ID

VAR-201509-0148


CVE

CVE-2015-5692


TITLE

Arbitrary code execution vulnerability in admin_messages.php in the management console of Symantec Web Gateway appliance software

Trust: 0.8

sources: JVNDB: JVNDB-2015-004899

DESCRIPTION

admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file. Authentication is required to exploit this vulnerability; however, it can be bypassed via reflected cross-site scripting.

The specific flaw exists within the admin_messages.php file, which relies on MIME types and file extensions to block potentially dangerous file uploads. An attacker can exploit this condition to upload arbitrary files as the apache user. Due to loose sudo restrictions, an attacker can add the setuid attribute and execute arbitrary code under the context of root. This may facilitate arbitrary command execution with elevated privileges; other attacks are also possible.

Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more. There is a security vulnerability in the admin_messages.php script in the management console of SWG devices using software versions earlier than 5.2.2 DB 5.0.0.1277.

Trust: 2.61

sources: NVD: CVE-2015-5692 // JVNDB: JVNDB-2015-004899 // ZDI: ZDI-15-443 // BID: 76726 // VULHUB: VHN-83653

AFFECTED PRODUCTS

vendor: symantec, model: web gateway, scope: lte, version: 5.2.2

Trust: 1.0

vendor: symantec, model: web gateway, scope: lt, version: 5.2.2 db 5.0.0.1277

Trust: 0.8

vendor: symantec, model: web gateway, scope: -, version: -

Trust: 0.7

vendor: symantec, model: web gateway, scope: eq, version: 5.2.2

Trust: 0.6

vendor: symantec, model: web gateway, scope: eq, version: 5.0.3

Trust: 0.3

vendor: symantec, model: web gateway, scope: eq, version: 5.0.1

Trust: 0.3

vendor: symantec, model: web gateway, scope: eq, version: 5.0

Trust: 0.3

vendor: symantec, model: web gateway, scope: eq, version: 4.5.0.376

Trust: 0.3

vendor: symantec, model: web gateway, scope: eq, version: 4.5

Trust: 0.3

sources: ZDI: ZDI-15-443 // BID: 76726 // JVNDB: JVNDB-2015-004899 // CNNVD: CNNVD-201509-253 // NVD: CVE-2015-5692

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5692
value: HIGH

Trust: 1.0

NVD: CVE-2015-5692
value: HIGH

Trust: 0.8

ZDI: CVE-2015-5692
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201509-253
value: HIGH

Trust: 0.6

VULHUB: VHN-83653
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-5692
severity: HIGH
baseScore: 7.9
vectorString: AV:N/AC:M/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2015-5692
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-83653
severity: HIGH
baseScore: 7.9
vectorString: AV:N/AC:M/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-15-443 // VULHUB: VHN-83653 // JVNDB: JVNDB-2015-004899 // CNNVD: CNNVD-201509-253 // NVD: CVE-2015-5692

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-83653 // JVNDB: JVNDB-2015-004899 // NVD: CVE-2015-5692

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-253

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201509-253

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004899

PATCH

title: SYM15-009, url: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00

Trust: 1.5

sources: ZDI: ZDI-15-443 // JVNDB: JVNDB-2015-004899

EXTERNAL IDS

db: NVD, id: CVE-2015-5692

Trust: 3.5

db: ZDI, id: ZDI-15-443

Trust: 2.7

db: BID, id: 76726

Trust: 2.0

db: SECTRACK, id: 1033625

Trust: 1.1

db: JVNDB, id: JVNDB-2015-004899

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-2917

Trust: 0.7

db: CNNVD, id: CNNVD-201509-253

Trust: 0.7

db: VULHUB, id: VHN-83653

Trust: 0.1

sources: ZDI: ZDI-15-443 // VULHUB: VHN-83653 // BID: 76726 // JVNDB: JVNDB-2015-004899 // CNNVD: CNNVD-201509-253 // NVD: CVE-2015-5692

REFERENCES

url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00

Trust: 2.6

url:http://www.zerodayinitiative.com/advisories/zdi-15-443/

Trust: 2.0

url:http://www.securityfocus.com/bid/76726

Trust: 1.7

url:http://www.securitytracker.com/id/1033625

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5692

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5692

Trust: 0.8

url:https://www.f-secure.com

Trust: 0.3

url:http://www.symantec.com/business/web-gateway

Trust: 0.3

url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00

Trust: 0.1

sources: ZDI: ZDI-15-443 // VULHUB: VHN-83653 // BID: 76726 // JVNDB: JVNDB-2015-004899 // CNNVD: CNNVD-201509-253 // NVD: CVE-2015-5692

CREDITS

Jos Wetzels of LeakFree Security

Trust: 0.9

sources: BID: 76726 // CNNVD: CNNVD-201509-253

SOURCES

db: ZDI, id: ZDI-15-443
db: VULHUB, id: VHN-83653
db: BID, id: 76726
db: JVNDB, id: JVNDB-2015-004899
db: CNNVD, id: CNNVD-201509-253
db: NVD, id: CVE-2015-5692

LAST UPDATE DATE

2025-04-13T23:09:47.216000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-15-443, date: 2015-09-16T00:00:00
db: VULHUB, id: VHN-83653, date: 2016-12-22T00:00:00
db: BID, id: 76726, date: 2015-11-03T19:14:00
db: JVNDB, id: JVNDB-2015-004899, date: 2015-09-29T00:00:00
db: CNNVD, id: CNNVD-201509-253, date: 2015-09-21T00:00:00
db: NVD, id: CVE-2015-5692, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: ZDI, id: ZDI-15-443, date: 2015-09-16T00:00:00
db: VULHUB, id: VHN-83653, date: 2015-09-20T00:00:00
db: BID, id: 76726, date: 2015-09-16T00:00:00
db: JVNDB, id: JVNDB-2015-004899, date: 2015-09-29T00:00:00
db: CNNVD, id: CNNVD-201509-253, date: 2015-09-18T00:00:00
db: NVD, id: CVE-2015-5692, date: 2015-09-20T20:59:07.353