ID

VAR-202207-0296


CVE

CVE-2021-46825


TITLE

HTTP Request Smuggling Vulnerability in Broadcom Advanced Secure Gateway and ProxySG

Trust: 0.8

sources: JVNDB: JVNDB-2022-012857

DESCRIPTION

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Trust: 1.8

sources: NVD: CVE-2021-46825 // JVNDB: JVNDB-2022-012857 // VULHUB: VHN-427098 // VULMON: CVE-2021-46825

AFFECTED PRODUCTS

vendor: broadcom, model: proxysg, scope: eq, version: 7.3

Trust: 1.0

vendor: broadcom, model: advanced secure gateway, scope: eq, version: 7.3

Trust: 1.0

vendor: broadcom, model: proxysg, scope: eq, version: 6.7

Trust: 1.0

vendor: broadcom, model: advanced secure gateway, scope: eq, version: 6.7

Trust: 1.0

vendor: broadcom, model: advanced secure gateway, scope: -, version: -

Trust: 0.8

vendor: broadcom, model: proxysg, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-012857 // NVD: CVE-2021-46825

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-46825
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-46825
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202207-563
value: CRITICAL

Trust: 0.6

VULHUB: VHN-427098
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-46825
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-46825
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-427098
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-46825
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-46825
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-427098 // VULMON: CVE-2021-46825 // JVNDB: JVNDB-2022-012857 // CNNVD: CNNVD-202207-563 // NVD: CVE-2021-46825

PROBLEMTYPE DATA

problemtype:CWE-444

Trust: 1.0

problemtype:HTTP Request Smuggling (CWE-444) [NVD evaluation]

Trust: 0.8

problemtype:CWE-287

Trust: 0.1

sources: VULHUB: VHN-427098 // JVNDB: JVNDB-2022-012857 // NVD: CVE-2021-46825

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-563

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202207-563

PATCH

title: Symantec Advanced Secure Gateway Remediation measures for authorization problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200035

Trust: 0.6

sources: CNNVD: CNNVD-202207-563

EXTERNAL IDS

db: NVD, id: CVE-2021-46825

Trust: 3.4

db: JVNDB, id: JVNDB-2022-012857

Trust: 0.8

db: CNNVD, id: CNNVD-202207-563

Trust: 0.7

db: VULHUB, id: VHN-427098

Trust: 0.1

db: VULMON, id: CVE-2021-46825

Trust: 0.1

sources: VULHUB: VHN-427098 // VULMON: CVE-2021-46825 // JVNDB: JVNDB-2022-012857 // CNNVD: CNNVD-202207-563 // NVD: CVE-2021-46825

REFERENCES

url:https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/securityadvisories/0/20638

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-46825

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-46825/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-427098 // VULMON: CVE-2021-46825 // JVNDB: JVNDB-2022-012857 // CNNVD: CNNVD-202207-563 // NVD: CVE-2021-46825

SOURCES

db: VULHUB, id: VHN-427098
db: VULMON, id: CVE-2021-46825
db: JVNDB, id: JVNDB-2022-012857
db: CNNVD, id: CNNVD-202207-563
db: NVD, id: CVE-2021-46825

LAST UPDATE DATE

2024-08-14T14:37:27.567000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-427098, date: 2022-07-14T00:00:00
db: VULMON, id: CVE-2021-46825, date: 2022-07-14T00:00:00
db: JVNDB, id: JVNDB-2022-012857, date: 2023-09-01T08:17:00
db: CNNVD, id: CNNVD-202207-563, date: 2022-07-15T00:00:00
db: NVD, id: CVE-2021-46825, date: 2023-08-08T14:21:49.707

SOURCES RELEASE DATE

db: VULHUB, id: VHN-427098, date: 2022-07-07T00:00:00
db: VULMON, id: CVE-2021-46825, date: 2022-07-07T00:00:00
db: JVNDB, id: JVNDB-2022-012857, date: 2023-09-01T00:00:00
db: CNNVD, id: CNNVD-202207-563, date: 2022-07-07T00:00:00
db: NVD, id: CVE-2021-46825, date: 2022-07-07T16:15:09.017