cvedb.io
CVE-2021-46825
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2022-07-07T16:15:09.017 · Last modified 2026-06-17T04:15:37.390

Summary

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected products

broadcom — advanced_secure_gateway

Does this affect you?

Add your gear to cvedb and we'll alert you only when broadcom ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.