Details of VAR-201705-3129

ID

VAR-201705-3129

CVE

CVE-2016-9100

TITLE

Symantec ProxySG and Advanced Secure Gateway Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2018-01387 // CNNVD: CNNVD-201801-444

DESCRIPTION

Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information. (DoS) It may be in a state. Both Symantec ProxySG and AdvancedSecureGateway (ASG) are security gateway devices from Symantec Corporation of the United States. A remote attacker can exploit this vulnerability to obtain sensitive information

Trust: 2.52

sources: NVD: CVE-2016-9100 // JVNDB: JVNDB-2016-009736 // CNVD: CNVD-2018-01387 // BID: 102454 // VULHUB: VHN-97920

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-01387

AFFECTED PRODUCTS

vendor:	broadcom	model:	symantec proxysg	scope:	lt	version:	6.6.5.13	Trust: 1.0
vendor:	broadcom	model:	symantec proxysg	scope:	gte	version:	6.6	Trust: 1.0
vendor:	broadcom	model:	symantec proxysg	scope:	lt	version:	6.5.10.6	Trust: 1.0
vendor:	broadcom	model:	advanced secure gateway	scope:	gte	version:	6.6	Trust: 1.0
vendor:	broadcom	model:	symantec proxysg	scope:	lt	version:	6.7.3.1	Trust: 1.0
vendor:	broadcom	model:	symantec proxysg	scope:	gte	version:	6.5	Trust: 1.0
vendor:	broadcom	model:	advanced secure gateway	scope:	lt	version:	6.6.5.13	Trust: 1.0
vendor:	broadcom	model:	symantec proxysg	scope:	gte	version:	6.7	Trust: 1.0
vendor:	broadcom	model:	advanced secure gateway	scope:	gte	version:	6.7	Trust: 1.0
vendor:	broadcom	model:	advanced secure gateway	scope:	lt	version:	6.7.3.1	Trust: 1.0
vendor:	broadcom	model:	advanced secure gateway	scope:	-	version:	-	Trust: 0.8
vendor:	broadcom	model:	symantec proxysg	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	advanced secure gateway	scope:	gte	version:	6.6<=6.6.5.13	Trust: 0.6
vendor:	symantec	model:	advanced secure gateway	scope:	gte	version:	6.7<=6.7.3.1	Trust: 0.6
vendor:	symantec	model:	proxysg	scope:	gte	version:	6.6<=6.6.5.13	Trust: 0.6
vendor:	symantec	model:	proxysg	scope:	gte	version:	6.7<=6.7.3.1	Trust: 0.6
vendor:	bluecoat	model:	proxysg	scope:	eq	version:	6.7	Trust: 0.3
vendor:	bluecoat	model:	proxysg	scope:	eq	version:	6.6	Trust: 0.3
vendor:	bluecoat	model:	proxysg	scope:	eq	version:	6.5	Trust: 0.3
vendor:	bluecoat	model:	advanced secure gateway	scope:	eq	version:	6.7	Trust: 0.3
vendor:	bluecoat	model:	advanced secure gateway	scope:	eq	version:	6.6	Trust: 0.3
vendor:	symantec	model:	proxysg	scope:	ne	version:	6.7.3.1	Trust: 0.3
vendor:	symantec	model:	proxysg	scope:	ne	version:	6.6.5.13	Trust: 0.3
vendor:	symantec	model:	proxysg	scope:	ne	version:	6.5.10.6	Trust: 0.3
vendor:	symantec	model:	advanced secure gateway	scope:	ne	version:	6.7.3.1	Trust: 0.3
vendor:	symantec	model:	advanced secure gateway	scope:	ne	version:	6.6.5.13	Trust: 0.3

sources: CNVD: CNVD-2018-01387 // BID: 102454 // JVNDB: JVNDB-2016-009736 // NVD: CVE-2016-9100

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-9100
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-9100
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-01387
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201801-444
value:	HIGH
Trust: 0.6
VULHUB:	VHN-97920
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2016-9100
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-01387
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-97920
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-9100
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-01387 // VULHUB: VHN-97920 // JVNDB: JVNDB-2016-009736 // CNNVD: CNNVD-201801-444 // NVD: CVE-2016-9100

PROBLEMTYPE DATA

problemtype:	CWE-255	Trust: 1.1
problemtype:	Certificate/password management (CWE-255) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-97920 // JVNDB: JVNDB-2016-009736 // NVD: CVE-2016-9100

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201801-444

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201801-444

PATCH

title:	Patch for SymantecProxySG and AdvancedSecureGateway Information Disclosure Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/113947	Trust: 0.6
title:	Symantec ProxySG and Advanced Secure Gateway Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77693	Trust: 0.6

sources: CNVD: CNVD-2018-01387 // CNNVD: CNNVD-201801-444

EXTERNAL IDS

db:	NVD	id:	CVE-2016-9100	Trust: 4.2
db:	BID	id:	102454	Trust: 3.4
db:	SECTRACK	id:	1040138	Trust: 2.5
db:	JVNDB	id:	JVNDB-2016-009736	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-444	Trust: 0.7
db:	CNVD	id:	CNVD-2018-01387	Trust: 0.6
db:	VULHUB	id:	VHN-97920	Trust: 0.1

sources: CNVD: CNVD-2018-01387 // VULHUB: VHN-97920 // BID: 102454 // JVNDB: JVNDB-2016-009736 // CNNVD: CNNVD-201801-444 // NVD: CVE-2016-9100

REFERENCES

url:	https://www.symantec.com/security-center/network-protection-security-advisories/sa155	Trust: 3.1
url:	http://www.securityfocus.com/bid/102454	Trust: 3.1
url:	http://www.securitytracker.com/id/1040138	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9100	Trust: 0.8
url:	https://www.symantec.com/products/secure-web-gateway-proxy-sg-and-asg	Trust: 0.3
url:	http://www.symantec.com	Trust: 0.3

sources: CNVD: CNVD-2018-01387 // VULHUB: VHN-97920 // BID: 102454 // JVNDB: JVNDB-2016-009736 // CNNVD: CNNVD-201801-444 // NVD: CVE-2016-9100

CREDITS

Jakub Palaczynski and Pawel Bartunek.

Trust: 0.9

sources: BID: 102454 // CNNVD: CNNVD-201801-444

SOURCES

db:	CNVD	id:	CNVD-2018-01387
db:	VULHUB	id:	VHN-97920
db:	BID	id:	102454
db:	JVNDB	id:	JVNDB-2016-009736
db:	CNNVD	id:	CNNVD-201801-444
db:	NVD	id:	CVE-2016-9100

LAST UPDATE DATE

2024-11-23T21:53:31.307000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-01387	date:	2018-01-19T00:00:00
db:	VULHUB	id:	VHN-97920	date:	2021-07-08T00:00:00
db:	BID	id:	102454	date:	2018-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2016-009736	date:	2024-07-18T07:31:00
db:	CNNVD	id:	CNNVD-201801-444	date:	2021-06-28T00:00:00
db:	NVD	id:	CVE-2016-9100	date:	2024-11-21T03:00:35.787

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-01387	date:	2018-01-19T00:00:00
db:	VULHUB	id:	VHN-97920	date:	2017-05-11T00:00:00
db:	BID	id:	102454	date:	2018-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2016-009736	date:	2024-07-18T00:00:00
db:	CNNVD	id:	CNNVD-201801-444	date:	2018-01-12T00:00:00
db:	NVD	id:	CVE-2016-9100	date:	2017-05-11T14:30:16.437