CVE-2017-6327
high-risk
Published 2017-08-11
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges.
Do I need to act?
!
76.8% chance of exploitation in next 30 days
EPSS score — higher than 23% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (9)
Mailing List
http://seclists.org/fulldisclosure/2017/Aug/28
Broken Link
http://www.securityfocus.com/bid/100135
Third Party Advisory
https://www.exploit-db.com/exploits/42519/
Mailing List
http://seclists.org/fulldisclosure/2017/Aug/28
Broken Link
http://www.securityfocus.com/bid/100135
Third Party Advisory
https://www.exploit-db.com/exploits/42519/
69
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
34/34 · Critical
Exposure
5/34 · Minimal