Vulnerability Name: | CVE-2016-9091 (CCN-124337) | ||||||||||||
Assigned: | 2016-10-28 | ||||||||||||
Published: | 2017-04-03 | ||||||||||||
Updated: | 2017-08-16 | ||||||||||||
Summary: | Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges. | ||||||||||||
CVSS v3 Severity: | 7.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) 6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
8.2 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
| ||||||||||||
Vulnerability Type: | CWE-78 | ||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2016-9091 Source: BID Type: Third Party Advisory, VDB Entry 97372 Source: CCN Type: BID-97372 Multiple Bluecoat Products CVE-2016-9091 Command Injection Vulnerability Source: CCN Type: Blue Coat Systems, Inc. Web site SA138: OS Command Injection Vulnerability in ASG and CAS Source: CONFIRM Type: Mitigation, Vendor Advisory https://bto.bluecoat.com/security-advisory/sa138 Source: XF Type: UNKNOWN asg-cve20169091-cmd-exec(124337) Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [04-03-2017] Source: EXPLOIT-DB Type: UNKNOWN 41785 Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [04-03-2017] Source: EXPLOIT-DB Type: UNKNOWN 41786 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
BACK |