Initial Publication Date: 24 Nov 2015
Advisory Status: Closed
Advisory Severity: Low
CVSS Base Score: 2.1
Legacy ID: SA102
Configuration files for Unified Agent running in local enforcement mode can be modified by administrators on the client. Configuration files can be modified to unblock categories or to disable Unified Agent entirely.
4.7 and later: Not vulnerable, fixed in 4.7.1
4.6 (only in local enforcement mode): Upgrade to 4.6.2
All versions prior to 4.6 (only in local enforcement mode)
Unified Agent in local enforcement mode receives policy and configuration from the Client Manager in ProxySG. Policy contains information such as the categories that will be blocked, and configuration contains settings such as whether the Unified Agent is enabled. Policy and configuration settings are set by authorized ProxySG administrators.
Prior to Unified Agent 4.6.2, an administrator on the client could remove, add, or modify policy and configuration settings without those changes being detected (CVE-2015-8482). This capability could be exploited to unblock restricted content categories or even to disable the agent entirely. Malware acting as a user with administrative privileges could exploit this to enable connections to previously disallowed malicious sites.
Unified Agent 4.6.2 and later detects alterations of the policy and configuration settings and marks them as invalid. When an invalid policy or configuration is detected, Unified Agent enters the customer-defined failure mode. To resume normal operations, the client must connect to the ProxySG Client Manager to obtain valid configuration settings. Please see the Release Notes for 4.6.2 for more information about configuring failure mode and tamper resistance.
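One way to get the detect, invalidate, fail and re-provision behaviour described above, as an added example that is not Unified Agent's or ProxySG's own code. The advisory does not say how 4.6.2 detects alterations, so this Go example assumes the Client Manager signs the policy with Ed25519 and the agent pins the manager's public key; every type, function and mode name here is hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Mode is the agent's enforcement state (hypothetical names).
type Mode string

const (
	Enforcing  Mode = "enforcing"   // verified policy is loaded and applied
	FailClosed Mode = "fail-closed" // failure mode: block until re-provisioned
	FailOpen   Mode = "fail-open"   // failure mode: allow until re-provisioned
)

// Agent pins the manager's public key; FailureMode is the administrator's choice.
type Agent struct {
	ManagerKey  ed25519.PublicKey
	FailureMode Mode
	Policy      []byte // last policy that verified; nil while invalid
}

// Load checks policy bytes read from local disk against the manager's
// detached signature. A local edit invalidates the signature, so the policy
// is discarded and the agent stays in its failure mode until a validly
// signed policy is loaded again.
func (a *Agent) Load(policy, sig []byte) Mode {
	if !ed25519.Verify(a.ManagerKey, policy, sig) {
		a.Policy = nil
		return a.FailureMode
	}
	a.Policy = policy
	return Enforcing
}

// Demo runs three loads on constructed data: valid, locally edited, re-fetched.
func Demo() (valid, tampered, refetched Mode) {
	pub, priv, _ := ed25519.GenerateKey(nil) // stands in for the manager's key pair
	policy := []byte(`{"enabled":true,"blocked":["malware","phishing"]}`)
	sig := ed25519.Sign(priv, policy)
	a := &Agent{ManagerKey: pub, FailureMode: FailClosed}
	valid = a.Load(policy, sig)
	tampered = a.Load([]byte(`{"enabled":false,"blocked":[]}`), sig)
	refetched = a.Load(policy, sig)
	return
}

func main() { fmt.Println(Demo()) }
```

Because the signing key never leaves the manager in this design, a local administrator who edits the file cannot produce a matching signature; the only way back to enforcement is a policy the manager issued.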
Reported by Nate Roberts with Wipfli LLP.
2017-03-06 SA status moved to Final.
2015-11-24 initial public release
2015-12-14 This vulnerability has been reported in CVE-2015-8482.