CyberSec.Space Logo
Back to CVE Browser

CVE-2021-30648

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0500%
EPSS Percentile24.32th
PublishedJun 30, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance.

Affected Platforms (CPE)

πŸ“¦
Broadcom

Symantec Proxysg

>= 6.5 and < 6.5.10.16
πŸ“¦
Broadcom

Symantec Proxysg

>= 6.6 and < 6.6.5.19
πŸ“¦
Broadcom

Symantec Proxysg

>= 6.7 and < 6.7.5.12
πŸ“¦
Broadcom

Symantec Proxysg

>= 7.2 and < 7.2.7.2
πŸ“¦
Broadcom

Symantec Proxysg

>= 7.3 and < 7.3.3.3
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S200 30 Firmware

>= 6.6 and < 6.7.4.17
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S200 30 Firmware

>= 6.7.5.0 and < 6.7.5.12
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S200 30 Firmware

>= 7.2 and < 7.2.7.2
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S200 30 Firmware

>= 7.3 and < 7.3.3.3
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S200 40 Firmware

>= 6.6 and < 6.7.4.17
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S200 40 Firmware

>= 6.7.5.0 and < 6.7.5.12
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S200 40 Firmware

>= 7.2 and < 7.2.7.2
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S200 40 Firmware

>= 7.3 and < 7.3.3.3
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S400 20 Firmware

>= 6.6 and < 6.7.4.17
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S400 20 Firmware

>= 6.7.5.0 and < 6.7.5.12
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S400 20 Firmware

>= 7.2 and < 7.2.7.2
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S400 20 Firmware

>= 7.3 and < 7.3.3.3
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S400 30 Firmware

>= 6.6 and < 6.7.4.17
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S400 30 Firmware

>= 6.7.5.0 and < 6.7.5.12
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S400 30 Firmware

>= 7.2 and < 7.2.7.2
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S400 30 Firmware

>= 7.3 and < 7.3.3.3
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S400 40 Firmware

>= 6.6 and < 6.7.4.17
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S400 40 Firmware

>= 6.7.5.0 and < 6.7.5.12
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S400 40 Firmware

>= 7.2 and < 7.2.7.2
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S400 40 Firmware

>= 7.3 and < 7.3.3.3
πŸ’»
Broadcom

Symantec Advanced Secure Gateway 500 10 Firmware

>= 6.6 and < 6.7.4.17
πŸ’»
Broadcom

Symantec Advanced Secure Gateway 500 10 Firmware

>= 6.7.5.0 and < 6.7.5.12
πŸ’»
Broadcom

Symantec Advanced Secure Gateway 500 10 Firmware

>= 7.2 and < 7.2.7.2
πŸ’»
Broadcom

Symantec Advanced Secure Gateway 500 10 Firmware

>= 7.3 and < 7.3.3.3
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S500 20 Firmware

>= 6.6 and < 6.7.4.17
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S500 20 Firmware

>= 6.7.5.0 and < 6.7.5.12
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S500 20 Firmware

>= 7.2 and < 7.2.7.2
πŸ’»
Broadcom

Symantec Advanced Secure Gateway S500 20 Firmware

>= 7.3 and < 7.3.3.3

References & Advisories

πŸ”— https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331
πŸ”— https://support.broadcom.com/security-advisory/content/security-advisories/0/SYMSA18331

Related Vulnerabilities

CVE-2018-52419.8

Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass ...

CVE-2021-468259.1

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated ...

CVE-2016-91007.8

Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6...

CVE-2017-136777.5

Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote atta...