Unrestricted upload of file with dangerous type in Advanced Secure Gateway and ProxySG - CVE-2016-10258

 


Published: May 7, 2018 / Updated: June 17, 2021


Vulnerability identifier: #VU12392
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-10258
CWE-ID: CWE-434
Exploitation vector: Adjacent network
Exploit availability: Public exploit is available
Vendor: Broadcom
Affected software:
Advanced Secure Gateway
ProxySG

Detailed vulnerability description

The vulnerability allows an adjacent authenticated attacker to write arbitrary files on the target system.

The weakness exists due to an unrestricted file upload flaw. An adjacent attacker can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.

How to mitigate CVE-2016-10258

Install the update from the vendor's website.
