ID

VAR-201809-0138


CVE

CVE-2018-12242


TITLE

Symantec Messaging Gateway Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011522

DESCRIPTION

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network. Symantec Messaging Gateway contains an authentication vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Symantec Messaging Gateway is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Versions prior to Messaging Gateway 10.6.6 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec.

Trust: 1.98

sources: NVD: CVE-2018-12242 // JVNDB: JVNDB-2018-011522 // BID: 105329 // VULHUB: VHN-122182

AFFECTED PRODUCTS

vendor: symantec // model: messaging gateway // scope: lt // version: 10.6.6

Trust: 1.8

vendor: symantec // model: messaging gateway // scope: eq // version: 10.5.2

Trust: 0.9

vendor: symantec // model: messaging gateway // scope: eq // version: 10.5.1

Trust: 0.9

vendor: symantec // model: messaging gateway // scope: eq // version: 10.0.1

Trust: 0.9

vendor: symantec // model: messaging gateway // scope: eq // version: 9.5.4

Trust: 0.9

vendor: symantec // model: messaging gateway // scope: eq // version: 9.5.2

Trust: 0.9

vendor: symantec // model: messaging gateway // scope: eq // version: 9.5.1

Trust: 0.9

vendor: symantec // model: messaging gateway // scope: eq // version: 10.0.3

Trust: 0.9

vendor: symantec // model: messaging gateway // scope: eq // version: 10.0.2

Trust: 0.9

vendor: symantec // model: messaging gateway // scope: eq // version: 10.0

Trust: 0.9

vendor: symantec // model: messaging gateway // scope: eq // version: 10.5.0

Trust: 0.6

vendor: symantec // model: messaging gateway // scope: eq // version: 10.6.3

Trust: 0.3

vendor: symantec // model: messaging gateway // scope: eq // version: 10.5

Trust: 0.3

vendor: symantec // model: messaging gateway // scope: eq // version: 9.5.3

Trust: 0.3

vendor: symantec // model: messaging gateway // scope: eq // version: 9.5

Trust: 0.3

vendor: symantec // model: messaging gateway // scope: eq // version: 10.6.5

Trust: 0.3

vendor: symantec // model: messaging gateway // scope: eq // version: 10.6.4

Trust: 0.3

vendor: symantec // model: messaging gateway // scope: eq // version: 10.6.2

Trust: 0.3

vendor: symantec // model: messaging gateway // scope: eq // version: 10.6.1

Trust: 0.3

vendor: symantec // model: messaging gateway // scope: eq // version: 10.6

Trust: 0.3

vendor: symantec // model: messaging gateway // scope: eq // version: 10.1

Trust: 0.3

vendor: symantec // model: messaging gateway // scope: ne // version: 10.6.6

Trust: 0.3

sources: BID: 105329 // JVNDB: JVNDB-2018-011522 // CNNVD: CNNVD-201809-889 // NVD: CVE-2018-12242

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-12242
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-12242
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201809-889
value: HIGH

Trust: 0.6

VULHUB: VHN-122182
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-12242
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122182
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-12242
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122182 // JVNDB: JVNDB-2018-011522 // CNNVD: CNNVD-201809-889 // NVD: CVE-2018-12242

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-122182 // JVNDB: JVNDB-2018-011522 // NVD: CVE-2018-12242

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-889

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201809-889

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011522

PATCH

title: SYMSA1461 // url: https://support.symantec.com/en_US/article.SYMSA1461.html

Trust: 0.8

title: Symantec Messaging Gateway Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85008

Trust: 0.6

sources: JVNDB: JVNDB-2018-011522 // CNNVD: CNNVD-201809-889

EXTERNAL IDS

db: NVD // id: CVE-2018-12242

Trust: 2.8

db: BID // id: 105329

Trust: 1.4

db: JVNDB // id: JVNDB-2018-011522

Trust: 0.8

db: CNNVD // id: CNNVD-201809-889

Trust: 0.7

db: VULHUB // id: VHN-122182

Trust: 0.1

sources: VULHUB: VHN-122182 // BID: 105329 // JVNDB: JVNDB-2018-011522 // CNNVD: CNNVD-201809-889 // NVD: CVE-2018-12242

REFERENCES

url:https://support.symantec.com/en_us/article.symsa1461.html

Trust: 2.0

url:http://www.securityfocus.com/bid/105329

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12242

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-12242

Trust: 0.8

url:http://www.symantec.com

Trust: 0.3

sources: VULHUB: VHN-122182 // BID: 105329 // JVNDB: JVNDB-2018-011522 // CNNVD: CNNVD-201809-889 // NVD: CVE-2018-12242

CREDITS

Artem Kondratenko, Arseny Sharoglazov, Alexey Osipov from Kaspersky Lab Security Services @kl_secservices

Trust: 0.3

sources: BID: 105329

SOURCES

db: VULHUB // id: VHN-122182
db: BID // id: 105329
db: JVNDB // id: JVNDB-2018-011522
db: CNNVD // id: CNNVD-201809-889
db: NVD // id: CVE-2018-12242

LAST UPDATE DATE

2024-11-23T22:58:55.345000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-122182 // date: 2018-12-08T00:00:00
db: BID // id: 105329 // date: 2018-09-19T00:00:00
db: JVNDB // id: JVNDB-2018-011522 // date: 2019-01-16T00:00:00
db: CNNVD // id: CNNVD-201809-889 // date: 2018-09-20T00:00:00
db: NVD // id: CVE-2018-12242 // date: 2024-11-21T03:44:50.790

SOURCES RELEASE DATE

db: VULHUB // id: VHN-122182 // date: 2018-09-19T00:00:00
db: BID // id: 105329 // date: 2018-09-19T00:00:00
db: JVNDB // id: JVNDB-2018-011522 // date: 2019-01-16T00:00:00
db: CNNVD // id: CNNVD-201809-889 // date: 2018-09-20T00:00:00
db: NVD // id: CVE-2018-12242 // date: 2018-09-19T15:29:19.110