Exploit Cybersecurity study of the dark web exposes vulnerability to machine identities -- ScienceDaily

Published on June 14th, 2019 📆 | 8179 Views ⚑

0

Symantec Messaging Gateway up to 10.6.x information disclosure

CVSS Meta Temp Score Current Exploit Price (≈)
3.9 $0-$5k

A vulnerability, which was classified as problematic, was found in Symantec Messaging Gateway up to 10.6.x. This affects an unknown function. The manipulation with an unknown input leads to a information disclosure vulnerability. CWE is classifying the issue as CWE-200. This is going to have an impact on confidentiality.

The weakness was shared 05/09/2019 by Muhammad Nafees as SYMSA1482 as confirmed security advisory (Website). It is possible to read the advisory at support.symantec.com. This vulnerability is uniquely identified as CVE-2019-9699. The attack needs to approached within the local network. Multiple levels of succesful authentication are needed for exploitation. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 10.7.0 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at SecurityFocus (BID 108303).

Vendor

Name

VulDB Meta Base Score: 4.0
VulDB Meta Temp Score: 3.9

VulDB Base Score: 2.4
VulDB Temp Score: 2.3
VulDB Vector: 🔒
VulDB Reliability: 🔍

Vendor Base Score (Symantec): 5.7
Vendor Vector (Symantec): 🔒


VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Information disclosure (CWE-200)
Local: No
Remote: Partially

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: Upgrade
Status: 🔍

Reaction Time: 🔒
0-Day Time: 🔒
Exposure Time: 🔒

Upgrade: Messaging Gateway 10.7.0

05/09/2019 Advisory disclosed
05/09/2019 +0 days Countermeasure disclosed
05/16/2019 +7 days SecurityFocus entry assigned
06/14/2019 +29 days VulDB entry created
06/14/2019 +0 days VulDB last updateVendor: symantec.com

Advisory: SYMSA1482
Researcher: Muhammad Nafees
Status: Confirmed

CVE: CVE-2019-9699 (🔒)
SecurityFocus: 108303 – Symantec Messaging Gateway CVE-2019-9699 Information Disclosure Vulnerability

Created: 06/14/2019 02:16 PM
Complete: 🔍

Comments

No comments yet. Please log in to comment.

Check our Alexa App!

https://vuldb.com/?id.136479

Premium WordPress Themes Download
Download Best WordPress Themes Free Download
Download Nulled WordPress Themes
Download WordPress Themes Free
online free course

Tagged with:



Leave a Reply ✍


loading...