Details of VAR-201509-0302

ID

VAR-201509-0302

CVE

CVE-2015-6547

TITLE

Symantec Web Gateway Vulnerability in arbitrary command execution at boot in management console running on appliance software

Trust: 0.8

sources: JVNDB: JVNDB-2015-004901

DESCRIPTION

The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. Symantec Web Gateway is prone to a command-injection vulnerability. Failed exploit attempts will result in a denial-of-service condition. The software provides web content filtering, data loss prevention, and more

Trust: 1.98

sources: NVD: CVE-2015-6547 // JVNDB: JVNDB-2015-004901 // BID: 76730 // VULHUB: VHN-84508

AFFECTED PRODUCTS

vendor:	symantec	model:	web gateway	scope:	lte	version:	5.2.2	Trust: 1.0
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.2.2	Trust: 0.9
vendor:	symantec	model:	web gateway	scope:	lt	version:	5.2.2 db 5.0.0.1277	Trust: 0.8
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.2	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.1.0	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0.3.18	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0.3.17	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0.2.18	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	4.5.0.376	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	4.5	Trust: 0.3
vendor:	symantec	model:	web gateway db update	scope:	ne	version:	5.2.25.0.	Trust: 0.3

sources: BID: 76730 // JVNDB: JVNDB-2015-004901 // CNNVD: CNNVD-201509-250 // NVD: CVE-2015-6547

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6547
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-6547
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201509-250
value:	HIGH
Trust: 0.6
VULHUB:	VHN-84508
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-6547
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84508
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84508 // JVNDB: JVNDB-2015-004901 // CNNVD: CNNVD-201509-250 // NVD: CVE-2015-6547

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-84508 // JVNDB: JVNDB-2015-004901 // NVD: CVE-2015-6547

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-250

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 76730

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004901

PATCH

title:

SYM15-009

url:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00

Trust: 0.8

sources: JVNDB: JVNDB-2015-004901

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6547	Trust: 2.8
db:	BID	id:	76730	Trust: 2.0
db:	SECTRACK	id:	1033625	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-004901	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-250	Trust: 0.7
db:	VULHUB	id:	VHN-84508	Trust: 0.1

sources: VULHUB: VHN-84508 // BID: 76730 // JVNDB: JVNDB-2015-004901 // CNNVD: CNNVD-201509-250 // NVD: CVE-2015-6547

REFERENCES

url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00	Trust: 1.9
url:	http://www.securityfocus.com/bid/76730	Trust: 1.7
url:	http://www.securitytracker.com/id/1033625	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6547	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6547	Trust: 0.8
url:	http://www.symantec.com	Trust: 0.3
url:	http://www.symantec.com/business/web-gateway	Trust: 0.3
url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00	Trust: 0.1

sources: VULHUB: VHN-84508 // BID: 76730 // JVNDB: JVNDB-2015-004901 // CNNVD: CNNVD-201509-250 // NVD: CVE-2015-6547

CREDITS

Daniel Jensen with Security-Assessment.com

Trust: 0.9

sources: BID: 76730 // CNNVD: CNNVD-201509-250

SOURCES

db:	VULHUB	id:	VHN-84508
db:	BID	id:	76730
db:	JVNDB	id:	JVNDB-2015-004901
db:	CNNVD	id:	CNNVD-201509-250
db:	NVD	id:	CVE-2015-6547

LAST UPDATE DATE

2025-04-13T23:09:47.251000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84508	date:	2016-12-22T00:00:00
db:	BID	id:	76730	date:	2015-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-004901	date:	2015-09-29T00:00:00
db:	CNNVD	id:	CNNVD-201509-250	date:	2015-09-21T00:00:00
db:	NVD	id:	CVE-2015-6547	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84508	date:	2015-09-20T00:00:00
db:	BID	id:	76730	date:	2015-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-004901	date:	2015-09-29T00:00:00
db:	CNNVD	id:	CNNVD-201509-250	date:	2015-09-18T00:00:00
db:	NVD	id:	CVE-2015-6547	date:	2015-09-20T20:59:09.447