Directory traversal flaw in Symantec Workspace Streaming - CVE-2016-2206

 


Published: July 11, 2016 / Updated: July 12, 2020


Vulnerability identifier: #VU112
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-2206
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Broadcom
Affected software: Symantec Workspace Streaming

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain files on the target system.

The vulnerability exists due to an input validation error. A remote authenticated attacker can view arbitrary files on the target system by modifying the configuration tool download file.

Successful exploitation of this vulnerability may result in disclosure of system information.

How to mitigate CVE-2016-2206

The vendor has issued a fix (7.5SP1 HF9, 7.6 HF5).

Sources