Vulnerability Details : CVE-2012-2977
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script.
Exploit prediction scoring system (EPSS) score for CVE-2012-2977
Probability of exploitation activity in the next 30 days: 0.62%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-2977
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2012-2977
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2977
-
http://www.securityfocus.com/bid/54430
Symantec Web Gateway Password Change Security Bypass Vulnerability
-
http://www.kb.cert.org/vuls/id/108471
VU#108471 - Symantec Web Gateway contains multiple vulnerabilities
-
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00
Symantec Web Gateway Security Issues
Products affected by CVE-2012-2977
- cpe:2.3:a:symantec:web_gateway:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_gateway:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_gateway:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_gateway:5.0.3:*:*:*:*:*:*:*