Vigil@nce - Symantec Web Gateway: privilege escalation via Management Console
December 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the Management Console of Symantec Web
Gateway, in order to escalate his privileges.
Impacted products: Symantec Web Gateway.
Severity: 2/4.
Creation date: 06/10/2016.
DESCRIPTION OF THE VULNERABILITY
The Symantec Web Gateway product has a management console.
However, an attacker can inject a command in new_whitelist.php, to
add an entry in the whitelist.
An attacker can therefore use the Management Console of Symantec
Web Gateway, in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN