- Joined
- 11 yrs. 8 mth. 23 days
- Messages
- 5,010
- Reaction score
- 11,818
- Wallet
- 13,191$
- [email protected]
Symantec has plugged a series of critical flaws in its Web Gateway appliances which included a backdoor permitting remote code execution on targeted systems.
The flaws, discovered during a short crash test by security researchers at Austrian firm SEC Consult, created a means to execute code with root privileges - or the ability to take over a vulnerable appliance.
In an advisory note, SEC Consult Vulnerability Lab warns the flaws posed a huge spying risk to corporate users of Symantec's technology, which is designed to prevent malware and other threats from getting inside corporate networks.
SEC Consult identified six vulnerabilities with the technology in total, including: cross-site scripting; OS command injection; security misconfiguration; SQL Injection; and cross-site request forgery flaws.
Symantec was notified about the flaw on 22 February but only published a security bulletin last week, on 25 July. Sysadmins should update their technology to Symantec Web Gateway version 5.1.1.
A vanilla statement from Symantec explained that the update was available to customers either directly or through its channel partners.
The flaws, discovered during a short crash test by security researchers at Austrian firm SEC Consult, created a means to execute code with root privileges - or the ability to take over a vulnerable appliance.
In an advisory note, SEC Consult Vulnerability Lab warns the flaws posed a huge spying risk to corporate users of Symantec's technology, which is designed to prevent malware and other threats from getting inside corporate networks.
SEC Consult identified six vulnerabilities with the technology in total, including: cross-site scripting; OS command injection; security misconfiguration; SQL Injection; and cross-site request forgery flaws.
Symantec was notified about the flaw on 22 February but only published a security bulletin last week, on 25 July. Sysadmins should update their technology to Symantec Web Gateway version 5.1.1.
A vanilla statement from Symantec explained that the update was available to customers either directly or through its channel partners.