CVE-2019-18375 : What You Need to Know

Symantec Advanced Secure Gateway (ASG) and ProxySG are affected by a session hijacking vulnerability that allows attackers to take over user sessions through the management consoles.

Understanding CVE-2019-18375

This CVE identifies a critical security issue in Symantec ASG and ProxySG appliances.

What is CVE-2019-18375?

The vulnerability in ASG and ProxySG management consoles enables attackers to hijack active user sessions, gaining unauthorized access to the consoles.

The Impact of CVE-2019-18375

The exploitation of this vulnerability can lead to unauthorized access to sensitive information and compromise the security of affected systems.

Technical Details of CVE-2019-18375

Symantec ASG and ProxySG are susceptible to session hijacking attacks.

Vulnerability Description

Attackers with access to the management interface can take over active user sessions.

Affected Systems and Versions

Symantec ASG 6.7.4 prior to 6.7.4.10 and 7.x prior to 7.2.0.1
Symantec ProxySG 6.7.4 prior to 6.7.4.10 and 7.x prior to 7.2.0.1

Exploitation Mechanism

Remote attackers exploit the vulnerability through the appliance management interface to hijack user sessions.

Mitigation and Prevention

Immediate Steps to Take:

Apply security patches provided by Symantec promptly.
Monitor and restrict access to the management consoles.

Long-Term Security Practices:

Implement strong authentication mechanisms for console access.
Regularly update and review security configurations.
Conduct security audits to detect and prevent similar vulnerabilities.
Educate users on secure session management practices.
Consider implementing additional security layers such as multi-factor authentication.

Patching and Updates:

Stay informed about security advisories and updates from Symantec.
Apply patches and updates as soon as they are released to mitigate the risk of exploitation.