#VU12392 Unrestricted upload of file with dangerous type in Advanced Secure Gateway and ProxySG - CVE-2016-10258
Published: May 7, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU12392
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-10258
CWE-ID: CWE-434
Exploitation vector: Adjecent network
Exploit availability:
Public exploit is available
Vulnerable software:
Advanced Secure Gateway
ProxySG
Advanced Secure Gateway
ProxySG
Software vendor:
Broadcom
Broadcom
Description
The vulnerability allows an adjacent authenticated attacker to write arbitrary files on the target system.
The weakness exists due to an unrestricted file upload flaw. An adjacent attacker can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
The weakness exists due to an unrestricted file upload flaw. An adjacent attacker can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
Remediation
Install update from vendor's website.