CVE-2016-2203 : The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discove

The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.

Published 2016-04-22 18:59:05

Updated 2019-06-25 12:22:05

Source Symantec Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2016-2203

Probability of exploitation activity in the next 30 days: 0.10%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 40 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2016-2203

Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability

Disclosure Date: 2015-12-17

First seen: 2020-04-26

auxiliary/scanner/http/symantec_brightmail_ldapcreds

This module will grab the AD account saved in Symantec Messaging Gateway and then decipher it using the disclosed Symantec PBE key. Note that authentication is required in order to successfully grab the LDAP credentials, and you need at least a read account. Version

More information

CVSS scores for CVE-2016-2203

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-2203

CWE-255

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-2203

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160418_00

Symantec Messaging Gateway Multiple Security Issues
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/86137

Symantec Messaging Gateway CVE-2016-2203 Local Password Disclosure Vulnerability
Exploit;Third Party Advisory;VDB Entry
https://www.exploit-db.com/exploits/39715/

Symantec Brightmail 10.6.0-7 - LDAP Credentials Disclosure (Metasploit)
Exploit;Third Party Advisory;VDB Entry
http://packetstormsecurity.com/files/136758/Symantec-Brightmail-10.6.0-7-LDAP-Credential-Grabber.html

Symantec Brightmail 10.6.0-7 LDAP Credential Grabber ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1035609

Symantec Messaging Gateway Flaws Let Local Users Obtain and Decrypt Passwords and Execute Arbitrary Shell Commands on the Target System - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url

Products affected by CVE-2016-2203

Symantec » Messaging Gateway » Version: 10.6.0 Update Patch3
cpe:2.3:a:symantec:messaging_gateway:10.6.0:patch3:*:*:*:*:*:*
Matching versions
Symantec » Messaging Gateway » Version: 10.6.0 Update Patch5
cpe:2.3:a:symantec:messaging_gateway:10.6.0:patch5:*:*:*:*:*:*
Matching versions
Symantec » Messaging Gateway » Version: 10.6.0 Update Patch7
cpe:2.3:a:symantec:messaging_gateway:10.6.0:patch7:*:*:*:*:*:*
Matching versions