CVE-2013-4673

EUVD-2013-4526
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by leveraging access to the login prompt.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
ADJACENT_NETWORK
LOW
AV:A/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
symantecweb_gateway
𝑥
≤ 5.1
symantecweb_gateway
5.0
symantecweb_gateway
5.0.1
symantecweb_gateway
5.0.2
symantecweb_gateway
5.0.3
symantecweb_gateway
5.0.3.18
symantecweb_gateway_appliance_8450
-
symantecweb_gateway_appliance_8490
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/95702
http://www.securityfocus.com/bid/61105
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00
https://exchange.xforce.ibmcloud.com/vulnerabilities/85990
http://osvdb.org/95702
http://www.securityfocus.com/bid/61105
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00
https://exchange.xforce.ibmcloud.com/vulnerabilities/85990