Cyber Resilience

CVE-2017-6327

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoCRCE

Published: 11 August 2017

Published
11 August 2017
Modified
21 April 2026
KEV Added
03 November 2021
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.7593 98.9th percentile
Risk Priority 83 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2017-6327 is a high-severity Command Injection (CWE-77) vulnerability in Symantec Message Gateway. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 1.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability is a remote code execution flaw, tracked as CVE-2017-6327 with CWE-77, affecting Symantec Messaging Gateway versions prior to 10.6.3-267. It permits an authenticated attacker to execute arbitrary commands on the target system or process, after which privilege escalation may be attempted. The issue carries a CVSS v3.1 base score of 8.8, reflecting network attack vector, low complexity, and low privileges required with no user interaction.

An attacker with low-privileged network access can exploit the flaw to achieve full control over confidentiality, integrity, and availability on the affected gateway. Public exploit code has been published, confirming that remote command execution is feasible once initial access is obtained.

Symantec's security advisory and related disclosures recommend upgrading to version 10.6.3-267 or later to address the issue. Full details and patches are available via the vendor's security update page and coordinated disclosure lists.

EU & UK References

Vulnerability details

The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this…

more

type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges.

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

symantec
message gateway
≤ 10.6.3-267

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely application of the vendor patch (10.6.3-267) that eliminates the command-injection flaw.

prevent

Mandates validation of all input to block the CWE-77 command injection that enables arbitrary remote execution.

prevent

Limits the privileges granted to authenticated users, reducing the impact of any successful command execution and subsequent escalation attempts.

References