OS Command Injection in Blue Coat Advanced Secure Gateway and Content Analysis System
CVE-2016-9091

7.2HIGH

Key Information:

Vendor: Symantec Corporation
Status: Blue Coat Asg; Blue Coat Cas
Vendor: CVE Published:; 5 April 2017

What is CVE-2016-9091?

The Blue Coat Advanced Secure Gateway (ASG) and Content Analysis System (CAS) are vulnerable to an OS command injection flaw. This weakness permits an authenticated malicious administrator to execute arbitrary OS commands with elevated system privileges, potentially leading to unauthorized access and manipulation of system operations. It is vital for users to apply available patches to protect against this significant vulnerability.

Affected Version(s)

Blue Coat ASG 6.6 prior to 6.6.5.4

Blue Coat CAS 1.3 prior to 1.3.7.4

References

http://www.securityfocus.com/bid/97372

vdb-entryx_refsource_BID

https://www.exploit-db.com/exploits/41785/

exploitx_refsource_EXPLOIT-DB

https://www.exploit-db.com/exploits/41786/

exploitx_refsource_EXPLOIT-DB

EPSS Score

36% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 5, 2017
Vulnerability Reserved
Oct 28, 2016

Symantec Corporation

What is CVE-2016-9091?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline