Symantec Web Gateway SQL Injection

August 1, 2014

Symantec Web Gateway is a web security gateway appliance that protects organizations against web threats, including malicious URLs, spyware, botnets, viruses, and other types of malware. A management interface is used to monitor and manage Web Gateway deployments. The web interface uses the HTTP and HTTPS protocols.

A SQL injection vulnerability exists in clientreport.php in the management console of Symantec Web Gateway (SWG), which allows remote attackers to execute arbitrary SQL commands. The vulnerability is due to improper sanitization of the HTTP parameters passed to PHP pages. A successful SQL injection exploit can execute SQL commands that read sensitive data from the database or even modify existing contents.

This vulnerability has been assigned CVE-2014-1651.

The Dell SonicWALL Threat Research team has observed consistent SQL injection attacks in the wild. The following graph shows recent data:

Dell SonicWALL protects against this threat with the following signature:

  • 5679 SQL Injection Attack 3
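
A log-side check for the class of request described above, added here as an example and not taken from the advisory or from any vendor's code: it scans web access logs for requests to clientreport.php whose query parameters contain SQL metacharacters or keywords after URL decoding. The log lines, IP addresses and parameter names (`id`, `view`) are constructed for illustration and are assumptions, not the product's real parameters.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines; addresses and parameter names are illustrative.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Aug/2014:10:00:01 +0000] "GET /clientreport.php?id=42 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Aug/2014:10:00:09 +0000] "GET /clientreport.php?id=42%27%20OR%201%3D1-- HTTP/1.1" 200 9731',
    '203.0.113.7 - - [01/Aug/2014:10:00:12 +0000] "GET /clientreport.php?view=1+UNION+SELECT+null HTTP/1.1" 500 0',
    '198.51.100.2 - - [01/Aug/2014:10:01:00 +0000] "GET /index.php?id=1%27 HTTP/1.1" 200 300',
    'truncated or malformed line',
]

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Characters and keywords that have no place in a report parameter value.
SQLI_RE = re.compile(
    r"""['";]|--|/\*|\b(?:union|select|insert|update|delete|drop|sleep|benchmark)\b"""
    r"""|\bor\b\s+\S+\s*=""",
    re.IGNORECASE,
)


def suspicious_requests(lines, page="clientreport.php"):
    """Return (ip, status, parameter, decoded value) for flagged requests to `page`."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not well-formed request entries
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/" + page):
            continue
        # parse_qsl percent-decodes once; only the query string is visible in
        # access logs, so POST bodies need a proxy or WAF log instead.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SQLI_RE.search(value):
                hits.append((m["ip"], int(m["status"]), name, value))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The returned status code helps triage: a 500 after a flagged value often indicates a query that broke, while a 200 with an unusually large response deserves a closer look at what was returned.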