| CVE ID | CVE-2015-5690, CVE-2015-5693 |
| CVSS SCORE | 9.3, AV:N/AC:M/Au:N/C:C/I:C/A:C |
| AFFECTED VENDORS |
Symantec |
| AFFECTED PRODUCTS |
Web Gateway |
| TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['20630']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
| VULNERABILITY DETAILS |
The specific flaw exists within the path processing for command URLs accessed through the management port of the gateway. A crafted URL can cause the Web Gateway to execute a command that should not be available externally. An attacker can exploit this vulnerability to execute arbitrary commands under the context of root. |
| ADDITIONAL DETAILS |
Symantec has issued an update to correct this vulnerability. More details can be found at:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Anonymous |
