CVE-2018-18371

Published: Aug 29, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.

Vendor	Product	Versions
Symantec Corporation	Symantec Advanced Secure Gateway (ASG)	affected `6.6 and 6.7 prior to 6.7.4.2`
Symantec Corporation	Symantec ProxySG	affected `6.5 prior to 6.5.10.15` affected `6.6` affected `6.7 prior to 6.7.4.2`

References

https://support.symantec.com/us/en/article.SYMSA1472.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-18371

Description

Affected Products

References