CVE-2018-18371 - OpenCVE

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Advanced Secure Gateway Symantec Proxysg

Configuration 1 [-]

OR	cpe:2.3:a:broadcom:advanced_secure_gateway::::::::
	cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:::::::*
	cpe:2.3:a:broadcom:symantec_proxysg::::::::
	cpe:2.3:a:broadcom:symantec_proxysg::::::::
	cpe:2.3:a:broadcom:symantec_proxysg:6.6:::::::*

No data.

References

Link	Providers
https://support.symantec.com/us/en/article.SYMSA1472.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: symantec

Published: 2019-08-29T22:14:58

Updated: 2024-08-05T11:08:21.699Z

Reserved: 2018-10-15T00:00:00

Link: CVE-2018-18371

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-08-30T09:15:16.660

Modified: 2021-07-08T16:37:25.740

Link: CVE-2018-18371

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Symantec Advanced Secure Gateway (ASG)", "vendor": "Symantec Corporation", "versions": [{"status": "affected", "version": "6.6 and 6.7 prior to 6.7.4.2"}]}, {"product": "Symantec ProxySG", "vendor": "Symantec Corporation", "versions": [{"status": "affected", "version": "6.5 prior to 6.5.10.15"}, {"status": "affected", "version": "6.6"}, {"status": "affected", "version": "6.7 prior to 6.7.4.2"}]}], "descriptions": [{"lang": "en", "value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."}], "problemTypes": [{"descriptions": [{"description": "Information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-29T22:14:58", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.symantec.com/us/en/article.SYMSA1472.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "ID": "CVE-2018-18371", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Symantec Advanced Secure Gateway (ASG)", "version": {"version_data": [{"version_value": "6.6 and 6.7 prior to 6.7.4.2"}]}}, {"product_name": "Symantec ProxySG", "version": {"version_data": [{"version_value": "6.5 prior to 6.5.10.15"}, {"version_value": "6.6"}, {"version_value": "6.7 prior to 6.7.4.2"}]}}]}, "vendor_name": "Symantec Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information disclosure"}]}]}, "references": {"reference_data": [{"name": "https://support.symantec.com/us/en/article.SYMSA1472.html", "refsource": "CONFIRM", "url": "https://support.symantec.com/us/en/article.SYMSA1472.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:08:21.699Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.symantec.com/us/en/article.SYMSA1472.html"}]}]}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2018-18371", "datePublished": "2019-08-29T22:14:58", "dateReserved": "2018-10-15T00:00:00", "dateUpdated": "2024-08-05T11:08:21.699Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B599C2C-2345-4C48-A643-7E3248CD93CF", "versionEndExcluding": "6.7.4.2", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "A541B285-4265-4AED-80FC-AE02C1372645", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "30763EE4-C79B-47A6-B2BB-6E94B2C9C467", "versionEndExcluding": "6.5.10.15", "versionStartIncluding": "6.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "matchCriteriaId": "83FFE68F-353C-441C-B924-6087631A0AF8", "versionEndExcluding": "6.7.4.2", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "004F99F2-E750-4FC5-A2A6-65FD1C918676", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server from the ASG/ProxySG's web listing of the FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2."}, {"lang": "es", "value": "El modo WebFTP del proxy FTP de ASG/ProxySG, permite interceptar conexiones FTP donde un usuario accede a un servidor FTP por medio de una URL ftp:// en un navegador web. Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el modo WebFTP permite a un usuario malicioso obtener credenciales de aute de texto plano para un servidor FTP remoto desde un listado web del servidor FTP de ASG/ProxySG. Versiones afectadas: ASG versi\u00f3n 6.6 y versiones 6.7 anteriores a 6.7.4.2; ProxySG versiones 6.5 anteriores a 6.5.10.15, 6.6, y versiones 6.7 anteriores a 6.7.4.2."}], "id": "CVE-2018-18371", "lastModified": "2021-07-08T16:37:25.740", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-30T09:15:16.660", "references": [{"source": "secure@symantec.com", "tags": ["Vendor Advisory"], "url": "https://support.symantec.com/us/en/article.SYMSA1472.html"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}