ID CVE-2016-2203
Summary The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:messaging_gateway:10.6.0:patch3:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:10.6.0:patch5:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:10.6.0:patch7:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 25-06-2019 - 12:22)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 86137
confirm http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160418_00
exploit-db 39715
misc http://packetstormsecurity.com/files/136758/Symantec-Brightmail-10.6.0-7-LDAP-Credential-Grabber.html
sectrack 1035609
Last major update 25-06-2019 - 12:22
Published 22-04-2016 - 18:59
Last modified 25-06-2019 - 12:22