Multiple Vulnerabilities in Symantec Web Gateway

The vulnerabilities were discovered by Vienna, Austria-based SEC Consult, which reported them to Symantec but withheld its own publication until a fix became available. SEC Consult now advises all Symantec Web Gateway Appliance users to upgrade to the new 5.1.1 version as soon as possible.

According to Symantec, "Symantec Web Gateway protects organizations against multiple types of Web-borne malware." But version 5.1.0 was shipped with its own vulnerabilities that would, says SEC Consult, "enable state-sponsored or criminal hackers to take full control." 

Six separate vulnerabilities are highlighted in SEC Consult's advisory: reflected cross-site scripting, persistent cross-site scripting, OS command injection, security misconfiguration, SQL injection, and cross-site request forgery.

Several of these vulnerabilities, says the advisory, "can be chained together by an unauthenticated attacker in order to run arbitrary commands with the privileges of the 'root' operating system user on the appliance." Although it has withheld its proof of concept exploit code, SEC Consult provides a detailed description of how some of these vulnerabilities can be chained together to compromise users. "This attack only requires a user (protected by the Symantec Web Gateway) to visit a 'malicious' page," it claims.

SEC Consult reported the vulnerabilities to Symantec on 22 February. On 5 March Symantec confirmed them and said it was working on solutions. SEC Consult monitored the progress of the solutions to co-ordinate public release of its findings. Yesterday Symantec released its own advisory and product update. This morning SEC Consult published its findings with a strong recommendation that all Symantec Web Gateway Appliance users upgrade to version 5.1.1 as soon as possible.
