Sign-up

ID

VAR-201912-1229


CVE

CVE-2019-18377


TITLE

Symantec Messaging Gateway Vulnerability in Permission Management

Trust: 0.8

sources: JVNDB: JVNDB-2019-012941

DESCRIPTION

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Messaging Gateway Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Symantec Messaging Gateway is a set of spam filters of Symantec Corporation of the United States. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention. A security vulnerability exists in Symantec Messaging Gateway prior to 10.7.3. A remote attacker could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2019-18377 // JVNDB: JVNDB-2019-012941 // VULHUB: VHN-150717

AFFECTED PRODUCTS

vendor:symantecmodel:messaging gatewayscope:ltversion:10.7.3

Trust: 1.8

sources: JVNDB: JVNDB-2019-012941 // NVD: CVE-2019-18377

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18377
value: HIGH

Trust: 1.0

NVD: CVE-2019-18377
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201912-516
value: HIGH

Trust: 0.6

VULHUB: VHN-150717
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-18377
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-150717
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-18377
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-18377
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-150717 // JVNDB: JVNDB-2019-012941 // CNNVD: CNNVD-201912-516 // NVD: CVE-2019-18377

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-269

Trust: 0.8

sources: JVNDB: JVNDB-2019-012941 // NVD: CVE-2019-18377

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-516

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-516

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012941

PATCH
title:SYMSA1501url:https://support.symantec.com/us/en/article.SYMSA1501.html
Trust: 0.8
title:Symantec Messaging Gateway Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105351
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-012941 // 
            
            
            
            CNNVD: CNNVD-201912-516

EXTERNAL IDS
db:NVDid:CVE-2019-18377
Trust: 2.5
db:JVNDBid:JVNDB-2019-012941
Trust: 0.8
db:CNNVDid:CNNVD-201912-516
Trust: 0.7
db:CNVDid:CNVD-2020-04080
Trust: 0.1
db:VULHUBid:VHN-150717
Trust: 0.1
sources:
            
            
            VULHUB: VHN-150717 // 
            
            
            
            JVNDB: JVNDB-2019-012941 // 
            
            
            
            CNNVD: CNNVD-201912-516 // 
            
            
            
            NVD: CVE-2019-18377

REFERENCES
url:https://support.symantec.com/us/en/article.symsa1501.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-18377
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18377
Trust: 0.8
sources:
            
            
            VULHUB: VHN-150717 // 
            
            
            
            JVNDB: JVNDB-2019-012941 // 
            
            
            
            CNNVD: CNNVD-201912-516 // 
            
            
            
            NVD: CVE-2019-18377

SOURCES
db:VULHUBid:VHN-150717
db:JVNDBid:JVNDB-2019-012941
db:CNNVDid:CNNVD-201912-516
db:NVDid:CVE-2019-18377

LAST UPDATE DATE
2024-11-23T22:29:49.375000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-150717date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-012941date:2019-12-17T00:00:00
db:CNNVDid:CNNVD-201912-516date:2020-08-25T00:00:00
db:NVDid:CVE-2019-18377date:2024-11-21T04:33:09.820

SOURCES RELEASE DATE
db:VULHUBid:VHN-150717date:2019-12-11T00:00:00
db:JVNDBid:JVNDB-2019-012941date:2019-12-17T00:00:00
db:CNNVDid:CNNVD-201912-516date:2019-12-11T00:00:00
db:NVDid:CVE-2019-18377date:2019-12-11T16:15:11.540