cvedb.io
CVE-2015-5692
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2015-09-20T20:59:07.353 · Last modified 2026-06-17T00:29:36.273

Summary

admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file.

Affected products

symantec — web_gateway

Does this affect you?

Add your gear to cvedb and we'll alert you only when symantec ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.