CVE-2016-9091
Summary
| CVE | CVE-2016-9091 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-04-05 15:59:00 UTC |
| Updated | 2017-08-16 01:29:00 UTC |
| Description | Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Bluecoat | Advanced Secure Gateway | All | All | All | All |
| Application | Bluecoat | Content Analysis System Software | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Bluecoat ASG 6.6/CAS 1.3 - OS Command Injection (Metasploit) | EXPLOIT-DB | www.exploit-db.com | |
| Bluecoat ASG 6.6/CAS 1.3 - Privilege Escalation (Metasploit) | EXPLOIT-DB | www.exploit-db.com | |
| Multiple Bluecoat Products CVE-2016-9091 Command Injection Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Security Advisory | CONFIRM | bto.bluecoat.com | Mitigation, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.