CVE-2018-12242 - OpenCVE

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Symantec	Messaging Gateway

Configuration 1 [-]

cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/105329	Third Party Advisory VDB Entry
https://support.symantec.com/en_US/article.SYMSA1461.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: symantec

Published: 2018-09-12T00:00:00

Updated: 2018-09-20T09:57:01

Reserved: 2018-06-12T00:00:00

Link: CVE-2018-12242

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-09-19T15:29:19.110

Modified: 2018-12-08T02:28:19.473

Link: CVE-2018-12242

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "Symantec Messaging Gateway", "vendor": "Symantec Corporation", "versions": [{"status": "affected", "version": "Prior to 10.6.6"}]}], "datePublic": "2018-09-12T00:00:00", "descriptions": [{"lang": "en", "value": "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network."}], "problemTypes": [{"descriptions": [{"description": "Authentication bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-20T09:57:01", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.symantec.com/en_US/article.SYMSA1461.html"}, {"name": "105329", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105329"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "DATE_PUBLIC": "2018-09-12T00:00:00", "ID": "CVE-2018-12242", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Symantec Messaging Gateway", "version": {"version_data": [{"version_value": "Prior to 10.6.6"}]}}]}, "vendor_name": "Symantec Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Authentication bypass"}]}]}, "references": {"reference_data": [{"name": "https://support.symantec.com/en_US/article.SYMSA1461.html", "refsource": "CONFIRM", "url": "https://support.symantec.com/en_US/article.SYMSA1461.html"}, {"name": "105329", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105329"}]}}}}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2018-12242", "datePublished": "2018-09-12T00:00:00", "dateReserved": "2018-06-12T00:00:00", "dateUpdated": "2018-09-20T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "D25EDB76-F75D-4C5E-9122-EB4F520D569D", "versionEndExcluding": "10.6.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network."}, {"lang": "es", "value": "El producto Symantec Messaging Gateway en versiones anteriores a la 10.6.6 puede ser susceptible a una explotaci\u00f3n de omisi\u00f3n de autenticaci\u00f3n, que es un tipo de vulnerabilidad que puede permitir a los atacantes omitir los mecanismos de seguridad actuales y obtener acceso al sistema o red."}], "id": "CVE-2018-12242", "lastModified": "2018-12-08T02:28:19.473", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-19T15:29:19.110", "references": [{"source": "secure@symantec.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105329"}, {"source": "secure@symantec.com", "tags": ["Vendor Advisory"], "url": "https://support.symantec.com/en_US/article.SYMSA1461.html"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}