QID 38854
Date Published: 2021-12-06
QID 38854: Symantec Advanced Secure Gateway (ASG) and ProxySG Authentication Bypass Vulnerability
Symantec ProxySG (SWG) is a proxy or web security gateway hardware/virtual appliance for content filtering, authentication, caching, ICAP relay.
The Symantec Advanced Secure Gateway provides comprehensive protection and control over web traffic to support your security and application performance requirements.
Symantec ProxySG and ASG is prone:
CVE-2021-30648:Authentication Bypass Vulnerability
Affected ASG Versions.
ASG 6.6 and 6.7 prior to 6.7.5.12.
ASG 7.2 prior to 7.2.7.2.
ASG 7.3 prior to 7.3.3.3.
Affected ProxySG Versions.
ProxySG 6.5, 6.6, and 6.7 prior to 6.7.5.12.
ProxySG 7.2 prior to 7.2.7.2.
ProxySG 7.3 prior to 7.3.3.3.
Qid Detection Logic
The QID checks for vulnerable versions of ProxySG and ASG, the version is retrieved via SNMP.
An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.
CVE-2021-30648 is exploitable in ASG and ProxySG only if the attacker can send HTTP/HTTPS requests to the web management console. Customers can mitigate this vulnerability using existing network infrastructure, such as network partitioning and firewalls, to restrict access to the web management console to a trusted network.
CVE-2021-30648 is not exploitable to perform arbitrary code execution. ASG and ProxySG only provide a restricted CLI and not a general operating system shell. The CLI commands an attacker can execute are restricted to the commands provided by the CLI.
CVEs related to QID 38854
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| SYMSA18331 |
support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331 |