Vulnerability Details : CVE-2015-6547
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors.
Products affected by CVE-2015-6547
- cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-6547
0.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-6547
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.3
|
HIGH | AV:N/AC:L/Au:M/C:C/I:C/A:C |
6.4
|
10.0
|
NIST |
CWE ids for CVE-2015-6547
-
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6547
-
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00
Symantec Web Gateway Security Management Console Multiple IssuesVendor Advisory
-
http://www.securitytracker.com/id/1033625
Symantec Web Gateway Multiple Flaws Let Remote Users Conduct Cross-Site Scripting Attacks and Remote Authenticated Users Upload Files, Inject SQL Commands, and Execute Arbitrary Code - SecurityTracker
-
http://www.securityfocus.com/bid/76730
Symantec Web Gateway CVE-2015-6547 Command Injection Vulnerability
Jump to