SA152: Privilege Escalation Vulnerability in ProxyClient

Security Advisory ID: SA152
Published Date: Aug 31, 2017
Advisory Status: Final
Advisory Severity: High
CVSS v2 base score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVE Number: CVE-2017-13674 - 7.2 (HIGH) (AV:L/AC:L/Au:N/C:C/I:C/A:C)

The ProxyClient application for Windows is susceptible to a privilege escalation vulnerability.  A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges.

Affected Products:

ProxyClient
ProxyClient 3.4 for Windows is vulnerable.  ProxyClient 3.4 for MacOSX is not vulnerable.

Advisory Details: 

The Symantec ProxyClient application provides acceleration and web filtering functionality for mobile and remote users on Windows, Mac, and Linux platforms. ProxyClient works with the Symantec ProxySG appliance, which can act as a secure web gateway or provide WAN traffic optimization.  ProxyClient also provides CIFS share optimization and web filtering capabilities on the local system.

ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability (CVE-2017-13674).  A malicious user with access to the local Windows system can, under certain circumstances, escalate their privileges on the system and execute arbitrary code with LocalSystem privileges.

ProxyClient has been obsoleted by Unified Agent.  Symantec recommends that ProxyClient customers transition to the latest version of Unified Agent to get the latest functionality and vulnerability fixes.  ProxyClient customers can also contact Symantec Support for workaround instructions.

Workarounds: 

Please contact Symantec Support for workaround instructions for this vulnerability.

Patches: 

ProxyClient
ProxyClient 3.4 for Windows - ProxyClient has been obsoleted by Unified Agent and a ProxyClient fix will not be provided.  Please upgrade to the latest version of Unified Agent.

Advisory History: 

2017-08-31 initial public release

Acknowledgements: 

Thanks to Dejan Zelic (https://dejandayoff.com/) and Early Warning (https://earlywarning.com/) for reporting the vulnerability.