CVE-2017-6328

EPSS 2.1%

Vexday Risk Score

23Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 2.1%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

09 Aug 2017Public PoC

11 Aug 2017Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser.

Affected products

Symantec Corporation · Messaging Gateway

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/42613unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170810_00 http://www.securityfocus.com/bid/100136