VulDB: Symantec Gateway up to 5.0.2 privilege escalation [CVE-2012-0298]
General

scipID: 5441
Affected: Symantec Gateway up to 5.0.2
Published: 05/17/2012
Risk: problematic
Entry: 84.4% complete
Created: 05/25/2012
Updated: 09/03/2012
Summary
A vulnerability was found in Symantec Gateway up to 5.0.2 and classified as problematic. This issue affects an unknown function. Manipulation with an unknown input leads to a privilege escalation vulnerability. Confidentiality and integrity are impacted.
The weakness was released 05/17/2012 with SecuriTeam Secure Disclosure as SYM12-006. The advisory is shared for download at symantec.com. The public release was coordinated with Symantec. The vulnerability has been identified as CVE-2012-0298 since 01/04/2012. The attack may be initiated remotely. No form of authentication is needed for successful exploitation. Technical details are unknown, but a private exploit is available.
Upgrading to version 5.0.3 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (82024) and Secunia (SA49216).
CVSS
Base Score: 5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Network | Medium | None | Partial | Partial | None |
CPE
- cpe:/a:symantec:gateway:5.0.2
Exploiting
Class: Privilege escalation
Local: No
Remote: Yes
Availability: Yes
Access: Private
Countermeasures
Recommended: Upgrade
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Upgrade: Gateway 5.0.3
Timeline
01/04/2012 | CVE assigned
05/17/2012 | Advisory disclosed
05/17/2012 | Countermeasure disclosed
05/21/2012 | OSVDB entry created
05/25/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: SYM12-006
Company: SecuriTeam Secure Disclosure
Coordinated: Yes
OSVDB: 82024
CVE: CVE-2012-0298 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49216



















