CVE-2016-9099

Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
symantecCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
broadcomadvanced_secure_gateway
6.7 ≤
𝑥
< 6.7.2.1
broadcomsymantec_proxysg
6.5 ≤
𝑥
< 6.5.10.6
broadcomadvanced_secure_gateway
6.6
broadcomsymantec_proxysg
6.6
broadcomsymantec_proxysg
6.7 ≤
𝑥
< 6.7.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102455
http://www.securitytracker.com/id/1040138
https://www.symantec.com/security-center/network-protection-security-advisories/SA155
http://www.securityfocus.com/bid/102455
http://www.securitytracker.com/id/1040138
https://www.symantec.com/security-center/network-protection-security-advisories/SA155