All the vulnerabilites related to Symantec Corporation - Blue Coat ASG
cve-2016-9091
Vulnerability from cvelistv5
Published
2017-04-05 15:00
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97372 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/41785/ | exploit, x_refsource_EXPLOIT-DB | |
| https://www.exploit-db.com/exploits/41786/ | exploit, x_refsource_EXPLOIT-DB | |
| https://bto.bluecoat.com/security-advisory/sa138 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Symantec Corporation | Blue Coat ASG |
Version: 6.6 prior to 6.6.5.4 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97372",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Blue Coat ASG",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "6.6 prior to 6.6.5.4"
}
]
},
{
"product": "Blue Coat CAS",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "1.3 prior to 1.3.7.4"
}
]
}
],
"datePublic": "2017-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "97372",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-9091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Blue Coat ASG",
"version": {
"version_data": [
{
"version_value": "6.6 prior to 6.6.5.4"
}
]
}
},
{
"product_name": "Blue Coat CAS",
"version": {
"version_data": [
{
"version_value": "1.3 prior to 1.3.7.4"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97372"
},
{
"name": "41785",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41785/"
},
{
"name": "41786",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41786/"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa138",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa138"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-9091",
"datePublished": "2017-04-05T15:00:00",
"dateReserved": "2016-10-28T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}