Vulnerability Name: | CVE-2014-2033 (CCN-94030)
Assigned: | 2014-02-18
Published: | 2014-02-18
Updated: | 2018-12-12
Summary: | The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials.
CVSS v3 Severity: | 9.6 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: | 7.9 High (CVSS v2 Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C)
| 5.8 Medium (Temporal CVSS v2 Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| 5.8 Medium (CCN Temporal CVSS v2 Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-264
Vulnerability Consequences: | Bypass Security
References: |
| Source: MITRE Type: CNA CVE-2014-2033
| Source: CCN Type: US-CERT VU#221620 Blue Coat ProxySG local user changes contain a time and state vulnerability
| Source: CERT-VN Type: US Government Resource VU#221620
| Source: CCN Type: BID-66054 Blue Coat ProxySG CVE-2014-2033 Security Bypass Vulnerability
| Source: XF Type: UNKNOWN bluecoat-proxysg-cve20142033-sec-bypass(94030)
| Source: CCN Type: Blue Coat Security Advisory SA77 Changes to ProxySG local users are delayed
| Source: CONFIRM Type: Vendor Advisory https://kb.bluecoat.com/index?page=content&id=SA77
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable