Vulnerability CVE-2009-0064

Vulnerability Name:

CVE-2009-0064 (CCN-50075)

Assigned:

2009-04-23

Published:

2009-04-23

Updated:

2017-08-08

Summary:

Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allow remote authenticated users to gain privileges, and possibly obtain sensitive information or hijack sessions of arbitrary users, via vectors involving (1) administrative scripts or (2) console functions.

CVSS v3 Severity:

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2009-0064

Source: OSVDB
Type: UNKNOWN
53945

Source: CCN
Type: SA34885
Symantec Brightmail Gateway Control Center Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
34885

Source: CCN
Type: SECTRACK ID: 1022117
Symantec Brightmail Appliance Brightmail Control Center Lets Remote Authenticated Users Gain Elevated Privileges

Source: SECTRACK
Type: Patch
1022117

Source: CCN
Type: OSVDB ID: 53945
Symantec Brightmail Gateway Control Center Unspecified Remote Privilege Escalation

Source: BID
Type: UNKNOWN
34639

Source: CCN
Type: BID-34639
Symantec Brightmail Gateway Control Center Remote Privilege Escalation Vulnerability

Source: CCN
Type: SYM09-005
Symantec Brightmail Gateway Appliance Cross-site Scripting and Elevation of Privilege

Source: CONFIRM
Type: UNKNOWN
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2009-1155

Source: XF
Type: UNKNOWN
brightmail-consolescripts-priv-escalation(50075)

Source: XF
Type: UNKNOWN
brightmail-consolescripts-priv-escalation(50075)

Vulnerable Configuration:

Configuration 1:

cpe:/h:symantec:brightmail_gateway_appliance:7.5:*:*:*:*:*:*:*

OR cpe:/h:symantec:brightmail_gateway_appliance:7.6:*:*:*:*:*:*:*

OR cpe:/h:symantec:brightmail_gateway_appliance:7.7:*:*:*:*:*:*:*

OR cpe:/h:symantec:brightmail_gateway_appliance:*:*:*:*:*:*:*:* (Version <= 8.0)

Configuration CCN 1:

cpe:/a:symantec:brightmail_gateway:8.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK