ID CVE-2016-9099
Summary Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.
References
Vulnerable Configurations
  • cpe:2.3:a:broadcom:advanced_secure_gateway:6.7:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:advanced_secure_gateway:6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:symantec_proxysg:6.5:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:symantec_proxysg:6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:symantec_proxysg:6.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:symantec_proxysg:6.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:symantec_proxysg:6.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:symantec_proxysg:6.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:symantec_proxysg:6.5.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:symantec_proxysg:6.5.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:symantec_proxysg:6.5.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:symantec_proxysg:6.5.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:symantec_proxysg:6.5.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:symantec_proxysg:6.5.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:symantec_proxysg:6.5.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:symantec_proxysg:6.5.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:symantec_proxysg:6.5.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:symantec_proxysg:6.5.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.10:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.14:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.14:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:symantec_proxysg:6.5.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:symantec_proxysg:6.5.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:symantec_proxysg:6.7:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:symantec_proxysg:6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:symantec_proxysg:6.7.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:symantec_proxysg:6.7.1.1:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 08-07-2021 - 16:37)
Impact:
Exploitability:
CWE CWE-601
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
bid 102455
confirm https://www.symantec.com/security-center/network-protection-security-advisories/SA155
sectrack 1040138
Last major update 08-07-2021 - 16:37
Published 11-05-2017 - 14:30
Last modified 08-07-2021 - 16:37
Back to Top