CVE-2023-23954: Support Content Notification - Support Portal - Broadcom support portal

Advanced Secure Gateway and Content Analysis Security Update

Summary

Symantec, A Division of Broadcom has released updates to address issues that were discovered in the Advanced Secure Gateway (ASG) and Content Analysis (CAS) products.

Affected Product(s)

Advanced Secure Gateway

CVE

Affected Version(s)

Remediation

CVE-2023-23952
CVE-2023-23953
CVE-2023-23954
CVE-2023-23955

Prior to 7.3.13.1

Upgrade to 7.3.13.1 or later.

Content Analysis

CVE

Affected Version(s)

Remediation

CVE-2023-23952
CVE-2023-23953
CVE-2023-23954
CVE-2203-23955

Prior to 3.1.6.0

Upgrade to 3.1.6.0 or later.

---

Issue Details

CVE-2023-23952

Severity/CVSSv3:

High / 7.9 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Impact:

NVD: CVE-2023-23952

Command Injection

Description:

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability.

CVE-2023-23953

Severity/CVSSv3:

High / 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Impact:

NVD: CVE-2023-23953

Elevation of Privilege

Description:

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Elevation of Privilege vulnerability. .

CVE-2023-23954

Severity/CVSSv3:

Medium / 4.2 AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N

References:

Impact:

NVD: CVE-2023-23954

Stored Cross-Site Scripting

Description:

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. .

CVE-2023-23955

Severity/CVSSv3:

Low / 2.2 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

References:

Impact:

NVD: CVE-2023-23955

Server-Side Request Forgery

Description:

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability.

Mitigation & Additional Information

The following product updates have been made available to customers to remediate these issues:

• ASG 7.3.13.1
• CAS 3.1.6.0

Symantec recommends the following measures to reduce risk of attack:

• Restrict access to administrative or management systems to authorized privileged users.
• Restrict remote access to trusted/authorized systems only.
• Run under the principle of least privilege, where possible, to limit the impact of potential exploit.
• Keep all operating systems and applications current with vendor patches.
• Follow a multi-layered approach to security. At a minimum, run both firewall and anti-malware applications to provide multiple points of detection and protection for both inbound and outbound threats.
• Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in the detection of attacks or malicious activity related to the exploitation of latent vulnerabilities.

Acknowledgements

• CVE-2023-23952: Jerome NOKIN, NATO Cyber Security Centre

• CVE-2023-23953: Jerome NOKIN and Jean-Michel Huguet, NATO Cyber Security Centre

• CVE-2023-23954: Jerome NOKIN, NATO Cyber Security Centre

• CVE-2023-23955: Jerome NOKIN, NATO Cyber Security Centre