Initial Publication Date: Advisory Status: Advisory Severity: CVSS Base Score:Legacy ID
16 Aug 2010 Closed High CVSS v2: 7.4 SA45
A read only ProxySG administrator can gain full administrative control by sending CLI commands over HTTPS to the ProxySG.
All versions of ProxySG prior to 6.1 are vulnerable.
ProxySG 6.1 - a fix is available in SGOS 18.104.22.168.
ProxySG 5.5 - a fix is available in SGOS 22.214.171.124.
ProxySG 5.4 - a fix is available in SGOS 126.96.36.199.
ProxySG 5.3 - please upgrade to a later version.
ProxySG 4.3 - a fix is available in SGOS 188.8.131.52.
ProxySG 4.2 - please upgrade to a later version.
For information on how to upgrade SGOS, please see KB3608.
A read only administrator is limited to a small subset of commands that cannot change the configuration of the ProxySG. Privileges are limited in ProxySG for commands entered in the Management Console and the CLI. Sending commands via an HTTPS URL bypasses the privilege enforcement and allows a read only administrator to execute all administrative commands.
CVSS v2 score: 7.4 (AV:A/AC:M/Au:S/C:C/I:C/A:C)
Disabling all read-only administrators will prevent this vulnerability from being exploited.
The vulnerability was discovered by Jonathon Krier and Laurent Mathieu from Verizon Business Luxembourg and reported by Thierry Zoller from Verizon Business Luxembourg.
2012-01-17 Changed status to final.
2011-02-17 Update the SGOS 5.5 fix from SGOS 184.108.40.206 to 220.127.116.11 to reflect issues that affect SGOS 18.104.22.168. Updated SGOS 4.3 fix to reflect that the issue is resolved in SGOS 22.214.171.124. Also included link to KB3608 on how to update SGOS.
2010-11-04 Notification of a fix in patch release 126.96.36.199.
2010-11-01 Notification of a patch release to address the defect in 188.8.131.52.
2010-10-27 Notification of 184.108.40.206 patch release being promoted to a GA release.
2010-10-15 Notification of a fix in patch release 220.127.116.11.
2010-09-29 Notification of a fix in 18.104.22.168. Update of pages affected by the defect in 22.214.171.124.
2010-10-02 Added information about a defect in 126.96.36.199.
2010-09-01 Added a workaround.
2010-08-23 Ammended the discovery of the vulnerability to properly credit Jonathon Krier and Laurent Mathieu.
2010-08-16 Initial public release.
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.