Symantec Web Gateway Management Console Remote Code Execution Exploit

The Symantec Web Gateway Management Console before 5.2.5 allows some specially crafted entries to update the whitelist without validation. A lower-privileged but authorized management console user can bypass the whitelist validation using a specifically-modified script to create an unauthorized whitelist entry. This whitelist entry could potentially be leveraged in further malicious attempts against the network.
Platform: 
Vulnerabilty ID: 
CVE-2016-5313
Product Version: 
2016_R1
Released Date: 
Monday, October 31, 2016 - 00:00