All the vulnerabilites related to Symantec Corporation - Blue Coat CAS
cve-2016-9091
Vulnerability from cvelistv5
Published
2017-04-05 15:00
Modified
2024-08-06 02:42
Severity ?
Summary
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.
References
http://www.securityfocus.com/bid/97372vdb-entry, x_refsource_BID
https://www.exploit-db.com/exploits/41785/exploit, x_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/41786/exploit, x_refsource_EXPLOIT-DB
https://bto.bluecoat.com/security-advisory/sa138x_refsource_CONFIRM
Impacted products
Vendor Product Version
Symantec Corporation Blue Coat CAS Version: 1.3 prior to 1.3.7.4
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:10.359Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "97372",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97372"
          },
          {
            "name": "41785",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41785/"
          },
          {
            "name": "41786",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41786/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa138"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Blue Coat ASG",
          "vendor": "Symantec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "6.6 prior to 6.6.5.4"
            }
          ]
        },
        {
          "product": "Blue Coat CAS",
          "vendor": "Symantec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "1.3 prior to 1.3.7.4"
            }
          ]
        }
      ],
      "datePublic": "2017-04-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "OS command injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-15T09:57:01",
        "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "shortName": "symantec"
      },
      "references": [
        {
          "name": "97372",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97372"
        },
        {
          "name": "41785",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41785/"
        },
        {
          "name": "41786",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41786/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa138"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "ID": "CVE-2016-9091",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Blue Coat ASG",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.6 prior to 6.6.5.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Blue Coat CAS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.3 prior to 1.3.7.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Symantec Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "OS command injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "97372",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97372"
            },
            {
              "name": "41785",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41785/"
            },
            {
              "name": "41786",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41786/"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa138",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa138"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
    "assignerShortName": "symantec",
    "cveId": "CVE-2016-9091",
    "datePublished": "2017-04-05T15:00:00",
    "dateReserved": "2016-10-28T00:00:00",
    "dateUpdated": "2024-08-06T02:42:10.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}