CVE-2021-46825
Last modified
CVE-2021-46825 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. EPSS estimates a 1.37% chance of exploitation in the next 30 days.
Description
Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Advanced Secure Gateway | 6.7 |
| Broadcom | Advanced Secure Gateway | 7.3 |
| Broadcom | Proxysg | 6.7 |
| Broadcom | Proxysg | 7.3 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-46825?
How severe is CVE-2021-46825?
How do I fix CVE-2021-46825?
Are you affected by CVE-2021-46825?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST