Vulnerability Details : CVE-2016-9099
Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.
Vulnerability category: Open redirect
Products affected by CVE-2016-9099
- cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9099
- 0.13%: Probability of exploitation activity in the next 30 days
- ~48%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9099
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N | 8.6 | 4.9 | NIST | |
6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
CWE ids for CVE-2016-9099
- A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9099
- https://www.symantec.com/security-center/network-protection-security-advisories/SA155
  SA155: Multiple ASG and ProxySG Vulnerabilities (Vendor Advisory)
- http://www.securityfocus.com/bid/102455
  Symantec ProxySG and ASG CVE-2016-9099 Open Redirection Vulnerability (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1040138
  Blue Coat ProxySG Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Open Redirect Attacks and Obtain Authentication Information - SecurityTracker (Third Party Advisory; VDB Entry)