
CVE-2018-18370 : What You Need to Know

Learn about CVE-2018-18370, a stored cross-site scripting (XSS) vulnerability in the WebFTP mode of Symantec Advanced Secure Gateway (ASG) and ProxySG that lets a remote attacker inject JavaScript into the HTML directory listing the proxy renders for an FTP server.

A stored cross-site scripting (XSS) vulnerability in Symantec Advanced Secure Gateway (ASG) and ProxySG allows a remote attacker to inject arbitrary JavaScript into the web listing that the proxy generates for a remote FTP server, so that it runs in the browser of any user who views that listing through the proxy.

Understanding CVE-2018-18370

This CVE identifies a flaw in the FTP proxy's WebFTP mode in ASG and ProxySG. WebFTP mode lets users browse FTP servers from a web browser: the proxy fetches the FTP directory listing and returns it to the user as an HTML page. The flaw is that content from that listing reaches the generated HTML without adequate escaping.

What is CVE-2018-18370?

The vulnerability allows an external attacker who can upload specifically crafted files to a remote FTP server to inject JavaScript into the HTML listing that ASG/ProxySG generates for that server. The payload is stored on the FTP server and delivered to every user who browses the listing through the proxy, which is what makes it a stored rather than reflected XSS.

The Impact of CVE-2018-18370

As with any XSS, the injected script runs in the victim's browser, not on the proxy itself: it executes with whatever origin the proxy serves the listing from and can read cookies or other data exposed in that origin, issue requests on the user's behalf, or rewrite the page the user sees. It does not by itself give the attacker code execution on the ASG or ProxySG appliance.

Technical Details of CVE-2018-18370

The following technical details outline the specifics of the vulnerability:

Vulnerability Description

        Type: Stored cross-site scripting (XSS), CWE-79
        Exploitation: Markup and JavaScript placed in crafted files on a remote FTP server are emitted unescaped into the HTML listing the proxy generates for that server

Affected Systems and Versions

        Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7 (prior to 6.7.4.2)
        Symantec ProxySG 6.5 (prior to 6.5.10.15), 6.6, and 6.7 (prior to 6.7.4.2)

Exploitation Mechanism

The attacker needs write access to an FTP server (for example one that permits anonymous or otherwise weakly controlled uploads) that users behind the affected proxy browse in WebFTP mode, and must be able to place specifically crafted files on it. No interaction with the proxy itself is required on the attacker's side; the script fires when a user opens the directory listing through ASG/ProxySG.

Mitigation and Prevention

To address CVE-2018-18370, consider the following steps:

Immediate Steps to Take

        Apply the vendor-supplied fixed releases promptly
        Until patched, limit WebFTP access to FTP servers you trust and review their directory listings for filenames or entries containing HTML markup, which is the indicator of an attempted injection
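To make the mechanism concrete, the following Python is an added example written for this page; it is not code from Symantec or from the ASG/ProxySG products, and it assumes the crafted input reaches the listing through the filename (the advisory only says "specifically crafted files"). It parses a constructed Unix-style FTP LIST reply, renders it the vulnerable way (filename interpolated into HTML as-is) and the hardened way (escaped for the HTML text and attribute contexts, percent-encoded where it becomes a URL), and applies the simple listing check suggested under the immediate steps above. The function names (`parse_listing`, `render_unsafe`, `render_safe`, `suspicious_names`) and the sample listing are the example's own.

```python
import html
import re
import urllib.parse

# Constructed sample of a Unix-style FTP LIST reply. The third entry is the kind
# of filename an attacker could place on the server; it is an assumption of this
# example that the payload travels in the filename.
SAMPLE_LISTING = """\
-rw-r--r--   1 ftp      ftp          1024 Oct 12 10:15 README.txt
drwxr-xr-x   2 ftp      ftp          4096 Oct 12 10:16 uploads
-rw-r--r--   1 ftp      ftp             0 Oct 12 10:20 <script>alert(document.cookie)</script>.txt
"""

LIST_RE = re.compile(
    r"^(?P<perms>[-dl][rwx-]{9})\s+\d+\s+\S+\s+\S+\s+(?P<size>\d+)\s+"
    r"(?P<date>\w{3}\s+\d{1,2}\s+[\d:]{4,5})\s+(?P<name>.+)$"
)


def parse_listing(text):
    """Parse LIST lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LIST_RE.match(line)
        if m:
            entries.append({
                "is_dir": m.group("perms").startswith("d"),
                "size": int(m.group("size")),
                "name": m.group("name"),
            })
    return entries


def render_unsafe(entries):
    """Vulnerable pattern: the server-controlled filename is interpolated into the
    HTML as-is, so any markup in a filename becomes markup in the page."""
    rows = "".join(
        '<tr><td><a href="%s">%s</a></td><td>%d</td></tr>'
        % (e["name"], e["name"], e["size"])
        for e in entries
    )
    return "<table>%s</table>" % rows


def render_safe(entries):
    """Hardened form: escape per context. The name used as link text and as an
    attribute value is HTML-escaped (quote=True covers the attribute case); the
    name used as a URL path component is percent-encoded first."""
    rows = "".join(
        '<tr><td><a href="%s">%s</a></td><td>%d</td></tr>'
        % (
            html.escape(urllib.parse.quote(e["name"], safe=""), quote=True),
            html.escape(e["name"], quote=True),
            e["size"],
        )
        for e in entries
    )
    return "<table>%s</table>" % rows


# HTML metacharacters, a script URL scheme, or a numeric entity in a filename are
# not things a normal upload needs; treat hits as review items, not proof of attack.
SUSPICIOUS_NAME = re.compile(r"""[<>"']|javascript:|&#""", re.IGNORECASE)


def suspicious_names(entries):
    """Listing check: return the filenames that carry markup-like characters."""
    return [e["name"] for e in entries if SUSPICIOUS_NAME.search(e["name"])]


if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    print("unsafe:", render_unsafe(entries))
    print("safe:  ", render_safe(entries))
    print("flagged:", suspicious_names(entries))
```

The point of the two renderers is that the fix is not "filter bad filenames" but escaping on output for each context the value lands in; the check in `suspicious_names` is a monitoring aid for unpatched deployments, and a legitimate filename with an apostrophe will trip it, so it belongs in review, not in a blocking rule.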

Long-Term Security Practices

        Regularly update and patch all software and systems
        Implement network segmentation to limit the impact of potential attacks

Patching and Updates

Upgrade to the fixed releases listed above: ASG 6.7 and ProxySG 6.7 to 6.7.4.2 or later, and ProxySG 6.5 to 6.5.10.15 or later. The 6.6 branch of both products is listed as affected without a fixed 6.6 build, so installations on 6.6 should move to a fixed 6.7 release.
