CISA KEV 정보
| 취약점명 | Symantec Messaging Gateway Remote Code Execution Vulnerability |
|---|---|
| 설명 | Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege escalating actions. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-20 |
| 등록일 (KEV) | 2021-11-03 |
| 조치 기한 | 2022-05-03 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2017-6327 |
NVD 상세 정보
CVSS v3.1: 8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS v2.0: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P설명: The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges.
CWE: CWE-77
참조
- http://seclists.org/fulldisclosure/2017/Aug/28 [Mailing List, Third Party Advisory]
- http://www.securityfocus.com/bid/100135 [Broken Link, Third Party Advisory, VDB Entry]
- https://www.exploit-db.com/exploits/42519/ [Third Party Advisory, VDB Entry]
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170810_00 [Vendor Advisory]
- http://seclists.org/fulldisclosure/2017/Aug/28 [Mailing List, Third Party Advisory]
- http://www.securityfocus.com/bid/100135 [Broken Link, Third Party Advisory, VDB Entry]
- https://www.exploit-db.com/exploits/42519/ [Third Party Advisory, VDB Entry]
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170810_00 [Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-6327
This product uses the NVD API but is not endorsed or certified by the NVD.