Sign-up

ID

VAR-201801-0019


CVE

CVE-2016-10257


TITLE

Symantec Advanced Secure Gateway and ProxySG Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-001362

DESCRIPTION

The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. This vulnerability CVE-2016-10256 Is a different vulnerability.Information may be obtained and information may be altered. Symantec AdvancedSecureGateway (ASG) and ProxySG are security gateway devices from Symantec Corporation of the United States. Managementconsole is one of the management consoles. Symantec ProxySG and ASG are prone to a cross-site-scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks

Trust: 2.52

sources: NVD: CVE-2016-10257 // JVNDB: JVNDB-2018-001362 // CNVD: CNVD-2018-04070 // BID: 102447 // VULHUB: VHN-89015

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-04070

AFFECTED PRODUCTS

vendor:symantecmodel:proxysgscope:eqversion:6.6

Trust: 2.0

vendor:symantecmodel:advanced secure gatewayscope:eqversion:6.6

Trust: 2.0

vendor:broadcommodel:symantec proxysgscope:gteversion:6.5

Trust: 1.0

vendor:broadcommodel:symantec proxysgscope:gteversion:6.7

Trust: 1.0

vendor:broadcommodel:symantec proxysgscope:ltversion:6.7.2.1

Trust: 1.0

vendor:broadcommodel:advanced secure gatewayscope:gteversion:6.7

Trust: 1.0

vendor:broadcommodel:advanced secure gatewayscope:eqversion:6.6

Trust: 1.0

vendor:broadcommodel:symantec proxysgscope:eqversion:6.6

Trust: 1.0

vendor:broadcommodel:symantec proxysgscope:ltversion:6.5.10.6

Trust: 1.0

vendor:broadcommodel:advanced secure gatewayscope:ltversion:6.7.2.1

Trust: 1.0

vendor:symantecmodel:proxysgscope:eqversion:6.7.2.1

Trust: 0.8

vendor:symantecmodel:proxysgscope:ltversion:6.5

Trust: 0.8

vendor:symantecmodel:advanced secure gatewayscope:ltversion:6.7

Trust: 0.8

vendor:symantecmodel:proxysgscope:eqversion:6.5.10.6

Trust: 0.8

vendor:symantecmodel:advanced secure gatewayscope:eqversion:6.7.2.1

Trust: 0.8

vendor:symantecmodel:proxysgscope:ltversion:6.7

Trust: 0.8

vendor:symantecmodel:advanced secure gatewayscope:eqversion:6.7<6.7.2.1

Trust: 0.6

vendor:symantecmodel:proxysgscope:eqversion:6.5<6.5.10.6

Trust: 0.6

vendor:symantecmodel:proxysgscope:eqversion:6.7<6.7.2.1

Trust: 0.6

vendor:bluecoatmodel:proxysgscope:eqversion:6.7

Trust: 0.3

vendor:bluecoatmodel:proxysgscope:eqversion:6.6

Trust: 0.3

vendor:bluecoatmodel:proxysgscope:eqversion:6.5

Trust: 0.3

vendor:bluecoatmodel:advanced secure gatewayscope:eqversion:6.7

Trust: 0.3

vendor:bluecoatmodel:advanced secure gatewayscope:eqversion:6.6

Trust: 0.3

vendor:symantecmodel:proxysgscope:neversion:6.7.2.1

Trust: 0.3

vendor:symantecmodel:proxysgscope:neversion:6.5.10.6

Trust: 0.3

vendor:symantecmodel:advanced secure gatewayscope:neversion:6.7.2.1

Trust: 0.3

sources: CNVD: CNVD-2018-04070 // BID: 102447 // JVNDB: JVNDB-2018-001362 // CNNVD: CNNVD-201703-1031 // NVD: CVE-2016-10257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10257
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-10257
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-04070
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201703-1031
value: MEDIUM

Trust: 0.6

VULHUB: VHN-89015
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-10257
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-04070
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-89015
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-10257
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-04070 // VULHUB: VHN-89015 // JVNDB: JVNDB-2018-001362 // CNNVD: CNNVD-201703-1031 // NVD: CVE-2016-10257

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-89015 // JVNDB: JVNDB-2018-001362 // NVD: CVE-2016-10257

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1031

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201703-1031

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001362

PATCH
title:SA155url:https://www.symantec.com/security-center/network-protection-security-advisories/SA155
Trust: 0.8
title:Patch for Symantec ASG and ProxySG Cross-Site Scripting Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/119469
Trust: 0.6
title:Symantec Advanced Secure Gateway  and ProxySG Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155175
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-04070 // 
            
            
            
            JVNDB: JVNDB-2018-001362 // 
            
            
            
            CNNVD: CNNVD-201703-1031

EXTERNAL IDS
db:NVDid:CVE-2016-10257
Trust: 3.4
db:BIDid:102447
Trust: 2.6
db:SECTRACKid:1040138
Trust: 1.7
db:JVNDBid:JVNDB-2018-001362
Trust: 0.8
db:CNNVDid:CNNVD-201703-1031
Trust: 0.7
db:CNVDid:CNVD-2018-04070
Trust: 0.6
db:VULHUBid:VHN-89015
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-04070 // 
            
            
            
            VULHUB: VHN-89015 // 
            
            
            
            BID: 102447 // 
            
            
            
            JVNDB: JVNDB-2018-001362 // 
            
            
            
            CNNVD: CNNVD-201703-1031 // 
            
            
            
            NVD: CVE-2016-10257

REFERENCES
url:https://www.symantec.com/security-center/network-protection-security-advisories/sa155
Trust: 2.3
url:http://www.securityfocus.com/bid/102447
Trust: 2.3
url:http://www.securitytracker.com/id/1040138
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10257
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-10257
Trust: 0.8
url:http://www.symantec.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-04070 // 
            
            
            
            VULHUB: VHN-89015 // 
            
            
            
            BID: 102447 // 
            
            
            
            JVNDB: JVNDB-2018-001362 // 
            
            
            
            CNNVD: CNNVD-201703-1031 // 
            
            
            
            NVD: CVE-2016-10257

CREDITS
Jakub Palaczynski and Pawel Bartunek.
Trust: 0.3
sources:
            
            
            BID: 102447

SOURCES
db:CNVDid:CNVD-2018-04070
db:VULHUBid:VHN-89015
db:BIDid:102447
db:JVNDBid:JVNDB-2018-001362
db:CNNVDid:CNNVD-201703-1031
db:NVDid:CVE-2016-10257

LAST UPDATE DATE
2024-11-23T21:53:31.272000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-04070date:2018-03-02T00:00:00
db:VULHUBid:VHN-89015date:2021-07-08T00:00:00
db:BIDid:102447date:2018-01-09T00:00:00
db:JVNDBid:JVNDB-2018-001362date:2018-02-09T00:00:00
db:CNNVDid:CNNVD-201703-1031date:2021-06-28T00:00:00
db:NVDid:CVE-2016-10257date:2024-11-21T02:43:40.397

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-04070date:2018-03-01T00:00:00
db:VULHUBid:VHN-89015date:2018-01-10T00:00:00
db:BIDid:102447date:2018-01-09T00:00:00
db:JVNDBid:JVNDB-2018-001362date:2018-02-09T00:00:00
db:CNNVDid:CNNVD-201703-1031date:2017-03-24T00:00:00
db:NVDid:CVE-2016-10257date:2018-01-10T02:29:31.880