9.8

CVE-2021-30648

The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.

Data is provided by the National Vulnerability Database (NVD)
BroadcomSymantec Proxysg Version >= 6.5 < 6.5.10.16
BroadcomSymantec Proxysg Version >= 6.6 < 6.6.5.19
BroadcomSymantec Proxysg Version >= 6.7 < 6.7.5.12
BroadcomSymantec Proxysg Version >= 7.2 < 7.2.7.2
BroadcomSymantec Proxysg Version >= 7.3 < 7.3.3.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.49% 0.628
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 9 10 8.5
AV:N/AC:L/Au:N/C:P/I:P/A:C
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.