Main
Vulnerability Database
Exploits
ID:5880 - Exploit for Unrestricted upload of file with dangerous type in Advanced Secure Gateway and ProxySG - CVE-2016-10258
ID:5880 - Exploit for Unrestricted upload of file with dangerous type in Advanced Secure Gateway and ProxySG - CVE-2016-10258
Published: June 17, 2021
Vulnerability identifier: #VU12392
Vulnerability risk: Low
CVE-ID: CVE-2016-10258
CWE-ID: CWE-434
Exploitation vector: Adjecent network
Vulnerable software:
Advanced Secure Gateway
ProxySG
Advanced Secure Gateway
ProxySG
Link to public exploit:
Vulnerability description
The vulnerability allows an adjacent authenticated attacker to write arbitrary files on the target system.
The weakness exists due to an unrestricted file upload flaw. An adjacent attacker can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
The weakness exists due to an unrestricted file upload flaw. An adjacent attacker can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
Remediation
Install update from vendor's website.