CVE-2016-10258

Severity CVSS v4.0:
Pending analysis
Type:
CWE-434 Unrestricted Upload of File with Dangerous Type
Publication date:
11/04/2018
Last modified:
08/07/2021

Description

Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:* 6.6 (including) 6.6.5.14 (excluding)
cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:* 6.7 (including) 6.7.3.1 (excluding)
cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:* 6.5 (including) 6.5.10.8 (excluding)
cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:* 6.6 (including) 6.6.5.14 (excluding)
cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:* 6.7 (including) 6.7.3.1 (excluding)