1. CVE-Search
  2. CVE-2017-6327
ID CVE-2017-6327
Summary The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:message_gateway:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:9.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:9.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:9.5:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:9.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:9.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:9.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:9.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:9.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:9.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:9.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:9.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.5:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.6:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.6:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.6.1-3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.6.1-3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.6.3-2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.6.3-2:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 24-07-2024 - 17:11)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
d2sec via4
name Symantec Messaging Gateway RestoreAction.performRestore() RCE
url http://www.d2sec.com/exploits/symantec_messaging_gateway_restoreaction.performrestore_rce.html
refmap via4
bid 100135
confirm https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170810_00
exploit-db 42519
fulldisc 20170817 CVE-2017-6327: Symantec Messaging Gateway <= 10.6.3-2 unauthenticated root RCE
Last major update 24-07-2024 - 17:11
Published 11-08-2017 - 20:29
Last modified 24-07-2024 - 17:11
Back to Top