The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Complete

AV:N/AC:L/Au:N/C:P/I:P/A:C
Vendors Products
Broadcom
  • Symantec Proxysg
  • Symantec Advanced Secure Gateway S400-20
  • Symantec Advanced Secure Gateway S400-40
  • Symantec Advanced Secure Gateway S500-20
  • Symantec Advanced Secure Gateway S200-30
  • Symantec Advanced Secure Gateway S500-20 Firmware
  • Symantec Advanced Secure Gateway S400-30 Firmware
  • Symantec Advanced Secure Gateway S200-30 Firmware
  • Symantec Advanced Secure Gateway S200-40
  • Symantec Advanced Secure Gateway S400-30
  • Symantec Advanced Secure Gateway S400-40 Firmware
  • Symantec Advanced Secure Gateway S200-40 Firmware
  • Symantec Advanced Secure Gateway 500-10
  • Symantec Advanced Secure Gateway S400-20 Firmware
  • Symantec Advanced Secure Gateway 500-10 Firmware

Configuration 1 [-]

OR cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s200-30:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s200-40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s200-40:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
OR cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s400-20:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
OR cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s400-30:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
OR cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s400-40_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s400-40:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
OR cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_500-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_500-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_500-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_500-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_500-10:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
OR cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s500-20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s500-20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s500-20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:symantec_advanced_secure_gateway_s500-20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:broadcom:symantec_advanced_secure_gateway_s500-20:-:*:*:*:*:*:*:*
References
Link Resource
https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331 Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: symantec

Published: 2021-06-30T10:40:39

Updated: 2021-06-30T10:40:39

Reserved: 2021-04-13T00:00:00

Link: CVE-2021-30648

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-06-30T11:15:08.143

Modified: 2021-07-06T15:14:40.460

Link: CVE-2021-30648

JSON object: View

cve-icon Redhat Information

No data.

CWE