CVE-2017-6327
Published: 11 August 2017
Summary
CVE-2017-6327 is a high-severity Command Injection (CWE-77) vulnerability in Symantec Messaging Gateway. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 1.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability is a remote code execution flaw, tracked as CVE-2017-6327 with CWE-77, affecting Symantec Messaging Gateway versions prior to 10.6.3-267. It permits an authenticated attacker to execute arbitrary commands on the target system or process, after which privilege escalation may be attempted. The issue carries a CVSS v3.1 base score of 8.8, reflecting network attack vector, low complexity, and low privileges required with no user interaction.
An attacker with low-privileged network access can exploit the flaw to achieve full control over confidentiality, integrity, and availability on the affected gateway. Public exploit code has been published, confirming that remote command execution is feasible once initial access is obtained.
Symantec's security advisory and related disclosures recommend upgrading to version 10.6.3-267 or later to address the issue. Full details and patches are available via the vendor's security update page and coordinated disclosure lists.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-15388
Vulnerability details
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges.
- CWE(s): CWE-77 (Command Injection)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Symantec Messaging Gateway, versions prior to 10.6.3-267.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely application of the vendor patch (10.6.3-267) that eliminates the command-injection flaw.
- SI-10 (Information Input Validation): mandates validation of all input to block the CWE-77 command injection that enables arbitrary remote execution.
- AC-6 (Least Privilege): limits the privileges granted to authenticated users, reducing the impact of any successful command execution and subsequent escalation attempts.