CVE-2016-9100 Information

Description

Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13 ASG 6.7 prior to 6.7.3.1 ProxySG 6.5 prior to 6.5.10.6 ProxySG 6.6 prior to 6.6.5.13 and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can under certain circumstances obtain sensitive authentication credential information.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/102454 http://www.securitytracker.com/id/1040138 https://www.symantec.com/security-center/network-protection-security-advisories/SA155

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8