Vulnerabilities > CVE-2017-6326 - Remote Code Execution vulnerability in Symantec Messaging Gateway
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.
Vulnerable Configurations
Exploit-Db
description | Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit). CVE-2017-6326. Remote exploit for Python platform. Tags: Metasploit Framework |
file | exploits/python/remote/42251.rb |
id | EDB-ID:42251 |
last seen | 2017-06-26 |
modified | 2017-06-26 |
platform | python |
port | 443 |
published | 2017-06-26 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/42251/ |
title | Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit) |
type | remote |
Metasploit
description | This module exploits the command injection vulnerability of Symantec Messaging Gateway product. An authenticated user can execute a terminal command under the context of the web server user which is root. backupNow.do endpoint takes several user inputs and then pass them to the internal service which is responsible for executing operating system command. One of the user input is being passed to the service without proper validation. That cause a command injection vulnerability. But given parameters, such a SSH ip address, port and credentials are validated before executing terminal command. Thus, you need to configure your own SSH service and set the required parameter during module usage. This module was tested against Symantec Messaging Gateway 10.6.2-7. |
id | MSF:EXPLOIT/LINUX/HTTP/SYMANTEC_MESSAGING_GATEWAY_EXEC |
last seen | 2020-06-13 |
modified | 2017-08-29 |
published | 2017-06-10 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/symantec_messaging_gateway_exec.rb |
title | Symantec Messaging Gateway Remote Code Execution |
Nessus
NASL family | CGI abuses |
NASL id | SYMANTEC_MESSAGING_GATEWAY_SYM17-004.NASL |
description | According to its self-reported version number, the Symantec Messaging Gateway (SMG) running on the remote host is 10.x prior to 10.6.3-266. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists when handling email attachments involving malformed or corrupted Word files containing macros. An unauthenticated, remote attacker can exploit this, via a specially crafted email, to bypass the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 101158 |
published | 2017-06-30 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/101158 |
title | Symantec Messaging Gateway 10.x < 10.6.3-266 Multiple Vulnerabilities (SYM17-004) |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/143129/symantec_messaging_gateway_exec.rb.txt |
id | PACKETSTORM:143129 |
last seen | 2017-06-24 |
published | 2017-06-24 |
reporter | Mehmet Ince |
source | https://packetstormsecurity.com/files/143129/Symantec-Messaging-Gateway-Remote-Code-Execution.html |
title | Symantec Messaging Gateway Remote Code Execution |