====================================================================
CERT-Renater Information Note No. 2020/VULN674
_____________________________________________________________________
DATE                 : 09/12/2020
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Windows running Symantec Messaging Gateway versions prior to 10.7.4.
=====================================================================
https://support.broadcom.com/security-advisory/content/0/0/SYMSA16609
_____________________________________________________________________

Privilege Escalation and Information Disclosure Vulnerabilities in SMG

SYMSA16609
Last Updated: December 08 2020
Initial Publication Date: December 08 2020
Status: CLOSED
Severity: High
CVSS Base Score: 7.2

Summary

Symantec Messaging Gateway (SMG) is susceptible to privilege escalation and information disclosure vulnerabilities. A malicious, authenticated, privileged user can further elevate their privileges on the system, or obtain a password for a remote SCP backup server that they might not otherwise be authorized to access.

Affected Product(s)

Symantec Messaging Gateway (SMG)

CVE                            | Supported Version(s) | Remediation
-------------------------------|----------------------|--------------------
CVE-2020-12594, CVE-2020-12595 | 10.7                 | Upgrade to 10.7.4.

Issue Details

CVE-2020-12594
Severity / CVSS v3.x: High / 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
References: NVD: CVE-2020-12594
Impact: Privilege escalation
Description: A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance.

CVE-2020-12595
Severity / CVSS v3.x: Medium / 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
References: NVD: CVE-2020-12595
Impact: Information disclosure
Description: An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access.
References

CVE-2020-12594: Grzegorz Gościniak, Security IT Expert at PKP ENERGETYKA S.A., g.gosciniak@pkpenergetyka.pl
CVE-2020-12595: Ali Eskiocak, Help AG, info@helpag.com

Revisions

2020-12-08 initial public release

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email: cert@support.renater.fr +
=========================================================