cvelistv5 - cve-2016-9097

CVE-2016-9097 (GCVE-0-2016-9097)

Vulnerability from cvelistv5 – Published: 2017-05-11 14:01 – Updated: 2024-09-16 17:33

Summary

Severity ?

No CVSS data available.

CWE

Improper user authorization

Assigner

symantec

References

URL

Tags

	http://www.securityfocus.com/bid/101530	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1039701	vdb-entryx_refsource_SECTRACK
	https://www.symantec.com/security-center/network-…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Symantec Corporation	Symantec Advanced Secure Gateway (ASG) and ProxySG	Affected: ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:10.388Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101530",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101530"
          },
          {
            "name": "1039701",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039701"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Symantec Advanced Secure Gateway (ASG) and ProxySG",
          "vendor": "Symantec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2"
            }
          ]
        }
      ],
      "datePublic": "2017-10-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper user authorization",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-01T09:57:01",
        "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "shortName": "symantec"
      },
      "references": [
        {
          "name": "101530",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101530"
        },
        {
          "name": "1039701",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039701"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "DATE_PUBLIC": "2017-10-30T00:00:00",
          "ID": "CVE-2016-9097",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Symantec Advanced Secure Gateway (ASG) and ProxySG",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Symantec Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper user authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101530",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101530"
            },
            {
              "name": "1039701",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039701"
            },
            {
              "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146",
              "refsource": "CONFIRM",
              "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
    "assignerShortName": "symantec",
    "cveId": "CVE-2016-9097",
    "datePublished": "2017-05-11T14:01:00Z",
    "dateReserved": "2016-10-28T00:00:00",
    "dateUpdated": "2024-09-16T17:33:11.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A541B285-4265-4AED-80FC-AE02C1372645\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"445E76D3-2ACF-4BA6-ADC2-53BBA53C5184\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"017EEF7C-C07F-445F-9F8B-0D9539857470\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA1AF395-4E93-4343-A0AE-ABCC0B34D2E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E715F75B-AFFA-4662-9E51-30C10EA0CBF4\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C90E531A-A9AF-47F4-BDC5-E40AEE3CCFD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CFDCAF4-7B89-4E12-88B2-EBD85845D8C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70F87807-F8FB-468F-9E44-4DEF2B7C4C3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.5.2.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3493C4B-2CFE-4957-93CC-807154C074CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.5.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F2B8572-B369-489C-A7FA-1B635A66A9FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.5.5.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5158A3A-11AD-4D64-92B6-AE7656E6E5A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.5.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D868AE5A-6D8D-4DC6-81C4-56E10DCE40A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.5.7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8F1C6C8-B3E5-4787-BFCC-2E07ECDC6A65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3BED641-6C64-49BA-8CA1-EF4B01DAF0B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8508498-0FCF-4DB3-A718-A685AA2D2299\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A1F6F5F-580E-401C-AE85-56497636132A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEDDE433-6FC5-4B4B-8DE2-1485486D7A16\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"004F99F2-E750-4FC5-A2A6-65FD1C918676\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4854655-722B-4504-9A7C-C2211C98194D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.6.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A65BB092-04AD-496F-9CB5-7F6D6E6118C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.6.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38CCDA77-BD6F-4D0E-A305-94294B4CB1B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16B96153-D19F-4345-9DE8-A7E27EDE7282\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.6.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCE3894E-B218-4A0A-9AA8-C13D26722A2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3047126-01AB-435D-8D22-832B21BE6A74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.6.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"682DFD13-7BEC-4044-9927-68C4C856A206\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.6.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82D43CCC-6154-4213-BD5E-D367DE8995EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EC52CDF-739B-49B1-8668-9D55B2E3E2C6\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91A561A9-EA6E-461B-89FA-FA60F40C14B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:symantec_proxysg:6.7.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9141EEA0-9E3D-4772-8AC1-CE5F2FCE188F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.\"}, {\"lang\": \"es\", \"value\": \"Las consolas de administraci\\u00f3n Advanced Secure Gateway (ASG) versiones 6.6 anteriores a 6.6.5.8, ProxySG versiones 6.5 anteriores a 6.5.10.6, ProxySG versiones 6.6 anteriores a 6.6.5.8 y ProxySG versiones 6.7 anteriores a 6.7.1.2 de Symantec, no autorizan correctamente, bajo determinadas circunstancias, a usuarios administradores. Un administrador malicioso con acceso de solo lectura puede explotar esta vulnerabilidad para acceder a la funcionalidad de consola de administraci\\u00f3n que requiere privilegios de acceso de lectura y escritura.\"}]",
      "id": "CVE-2016-9097",
      "lastModified": "2024-11-21T03:00:35.517",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:C\", \"baseScore\": 8.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 8.5, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-05-11T14:30:16.360",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/101530\", \"source\": \"secure@symantec.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039701\", \"source\": \"secure@symantec.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.symantec.com/security-center/network-protection-security-advisories/SA146\", \"source\": \"secure@symantec.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/101530\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039701\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.symantec.com/security-center/network-protection-security-advisories/SA146\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@symantec.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-9097\",\"sourceIdentifier\":\"secure@symantec.com\",\"published\":\"2017-05-11T14:30:16.360\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.\"},{\"lang\":\"es\",\"value\":\"Las consolas de administraci\u00f3n Advanced Secure Gateway (ASG) versiones 6.6 anteriores a 6.6.5.8, ProxySG versiones 6.5 anteriores a 6.5.10.6, ProxySG versiones 6.6 anteriores a 6.6.5.8 y ProxySG versiones 6.7 anteriores a 6.7.1.2 de Symantec, no autorizan correctamente, bajo determinadas circunstancias, a usuarios administradores. Un administrador malicioso con acceso de solo lectura puede explotar esta vulnerabilidad para acceder a la funcionalidad de consola de administraci\u00f3n que requiere privilegios de acceso de lectura y escritura.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:C\",\"baseScore\":8.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":8.5,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A541B285-4265-4AED-80FC-AE02C1372645\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"445E76D3-2ACF-4BA6-ADC2-53BBA53C5184\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"017EEF7C-C07F-445F-9F8B-0D9539857470\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA1AF395-4E93-4343-A0AE-ABCC0B34D2E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E715F75B-AFFA-4662-9E51-30C10EA0CBF4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C90E531A-A9AF-47F4-BDC5-E40AEE3CCFD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CFDCAF4-7B89-4E12-88B2-EBD85845D8C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70F87807-F8FB-468F-9E44-4DEF2B7C4C3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.5.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3493C4B-2CFE-4957-93CC-807154C074CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F2B8572-B369-489C-A7FA-1B635A66A9FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.5.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5158A3A-11AD-4D64-92B6-AE7656E6E5A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.5.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D868AE5A-6D8D-4DC6-81C4-56E10DCE40A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.5.7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8F1C6C8-B3E5-4787-BFCC-2E07ECDC6A65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3BED641-6C64-49BA-8CA1-EF4B01DAF0B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8508498-0FCF-4DB3-A718-A685AA2D2299\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A1F6F5F-580E-401C-AE85-56497636132A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEDDE433-6FC5-4B4B-8DE2-1485486D7A16\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"004F99F2-E750-4FC5-A2A6-65FD1C918676\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4854655-722B-4504-9A7C-C2211C98194D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.6.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A65BB092-04AD-496F-9CB5-7F6D6E6118C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.6.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38CCDA77-BD6F-4D0E-A305-94294B4CB1B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16B96153-D19F-4345-9DE8-A7E27EDE7282\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.6.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCE3894E-B218-4A0A-9AA8-C13D26722A2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3047126-01AB-435D-8D22-832B21BE6A74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.6.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"682DFD13-7BEC-4044-9927-68C4C856A206\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.6.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82D43CCC-6154-4213-BD5E-D367DE8995EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EC52CDF-739B-49B1-8668-9D55B2E3E2C6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91A561A9-EA6E-461B-89FA-FA60F40C14B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:symantec_proxysg:6.7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9141EEA0-9E3D-4772-8AC1-CE5F2FCE188F\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/101530\",\"source\":\"secure@symantec.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039701\",\"source\":\"secure@symantec.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.symantec.com/security-center/network-protection-security-advisories/SA146\",\"source\":\"secure@symantec.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/101530\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039701\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.symantec.com/security-center/network-protection-security-advisories/SA146\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

VAR-201705-3126

Vulnerability from variot - Updated: 2023-12-18 13:14

The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges. ProxySG and ASG are prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information or elevate privileges. This may aid in further attacks. The following products are affected: Blue Coat Systems ASG 6.6 prior to 6.6.5.8 is vulnerable. Blue Coat Systems ProxySG 6.5 prior to 6.5.10.6, 6.6 prior to 6.6.5.8, and 6.7 prior to 6.7.1.2 are vulnerable. Symantec ProxySG and Advanced Secure Gateway (ASG) are security gateway devices of Symantec Corporation of the United States. Security vulnerabilities exist in Symantec ProxySG and ASG

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3126",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.5.7.6"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.6.4"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.6.3.2"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.6.2.2"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.5.6.1"
      },
      {
        "model": "advanced secure gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.6.5.1"
      },
      {
        "model": "advanced secure gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.6.3"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.6.2.1"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.6.4.3"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.6"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.5.9.2"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.5.9.14"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.6.5"
      },
      {
        "model": "advanced secure gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.6.4"
      },
      {
        "model": "advanced secure gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.6.4.3"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.5.2.10"
      },
      {
        "model": "advanced secure gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.6"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.5.5.7"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.5.9.8"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.6.4.1"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.7.1.1"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.6.2"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.5.1"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.5.9.10"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.6.3"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.5.2"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.7"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.5.4.1"
      },
      {
        "model": "symantec proxysg",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.5"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "6.6.5"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "6.6.4.1"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "6.7"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "6.7.1.1"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "6.6.2.2"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "6.6.3.2"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "6.6.3"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "6.6.4.3"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "6.6.4"
      },
      {
        "model": "proxysg",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "symantec",
        "version": "6.6.2.1"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "6.5.4"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "6.5.36"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "6.5.35"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "6.7"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "6.6"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "6.5.8.8"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "6.5.7.3"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "6.5.5.7"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "6.5.5.4"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "6.5.1.1"
      },
      {
        "model": "coat systems proxysg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "6.5"
      },
      {
        "model": "coat systems advanced secure gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "6.6"
      },
      {
        "model": "coat systems proxysg",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "6.7.1.2"
      },
      {
        "model": "coat systems proxysg",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "6.6.5.8"
      },
      {
        "model": "coat systems proxysg",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "6.5.10.6"
      },
      {
        "model": "coat systems advanced secure gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "6.6.5.8"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "101530"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9097"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1277"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9097"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jakub Palaczynski and Pawel Bartunek.",
    "sources": [
      {
        "db": "BID",
        "id": "101530"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1277"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-9097",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-97917",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-9097",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201710-1277",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97917",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97917"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9097"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1277"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges. ProxySG and ASG are prone to an authorization-bypass vulnerability. \nAttackers can exploit this issue to gain unauthorized access and obtain  sensitive information or elevate privileges. This may aid in further  attacks. \nThe following products are affected:\nBlue Coat Systems ASG 6.6 prior to 6.6.5.8 is vulnerable. \nBlue Coat Systems ProxySG 6.5 prior to 6.5.10.6, 6.6 prior to 6.6.5.8, and 6.7 prior to 6.7.1.2 are vulnerable. Symantec ProxySG and Advanced Secure Gateway (ASG) are security gateway devices of Symantec Corporation of the United States. Security vulnerabilities exist in Symantec ProxySG and ASG",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9097"
      },
      {
        "db": "BID",
        "id": "101530"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97917"
      }
    ],
    "trust": 1.26
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "101530",
        "trust": 2.0
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9097",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1039701",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1277",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-97917",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97917"
      },
      {
        "db": "BID",
        "id": "101530"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9097"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1277"
      }
    ]
  },
  "id": "VAR-201705-3126",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97917"
      }
    ],
    "trust": 0.5981660375
  },
  "last_update_date": "2023-12-18T13:14:16.995000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Symantec ProxySG  and Advanced Secure Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155178"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1277"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97917"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9097"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa146"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/101530"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1039701"
      },
      {
        "trust": 0.3,
        "url": "http://www.bluecoat.com/products/sg"
      },
      {
        "trust": 0.3,
        "url": "https://www.bluecoat.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97917"
      },
      {
        "db": "BID",
        "id": "101530"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9097"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1277"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-97917"
      },
      {
        "db": "BID",
        "id": "101530"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9097"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1277"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97917"
      },
      {
        "date": "2017-10-26T00:00:00",
        "db": "BID",
        "id": "101530"
      },
      {
        "date": "2017-05-11T14:30:16.360000",
        "db": "NVD",
        "id": "CVE-2016-9097"
      },
      {
        "date": "2017-10-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-1277"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97917"
      },
      {
        "date": "2017-12-19T20:00:00",
        "db": "BID",
        "id": "101530"
      },
      {
        "date": "2021-07-08T16:37:42.880000",
        "db": "NVD",
        "id": "CVE-2016-9097"
      },
      {
        "date": "2021-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-1277"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1277"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec ProxySG and Advanced Secure Gateway Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1277"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1277"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2017-36162

Vulnerability from cnvd - Published: 2017-12-05

Title

Symantec ProxySG和Advanced Secure Gateway远程授权绕过漏洞

Description

Symantec ProxySG和Advanced Secure Gateway（ASG）都是美国赛门铁克（Symantec）公司的安全网关设备。 Symantec ProxySG和ASG中存在安全漏洞。远程攻击者可利用该漏洞访问管理控制台功能。

Severity

高

Patch Name

Symantec ProxySG和Advanced Secure Gateway远程授权绕过漏洞的补丁

Patch Description

Symantec ProxySG和Advanced Secure Gateway（ASG）都是美国赛门铁克（Symantec）公司的安全网关设备。 Symantec ProxySG和ASG中存在安全漏洞。远程攻击者可利用该漏洞访问管理控制台功能。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.symantec.com/security-center/network-protection-security-advisories/SA146

Reference

https://www.securitytracker.com/id/1039701

Impacted products

Name
['Symantec Symantec ProxySG', 'Symantec Advanced Secure Gateway']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "101530"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9097"
    }
  },
  "description": "Symantec ProxySG\u548cAdvanced Secure Gateway\uff08ASG\uff09\u90fd\u662f\u7f8e\u56fd\u8d5b\u95e8\u94c1\u514b\uff08Symantec\uff09\u516c\u53f8\u7684\u5b89\u5168\u7f51\u5173\u8bbe\u5907\u3002\r\n\r\nSymantec ProxySG\u548cASG\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u7ba1\u7406\u63a7\u5236\u53f0\u529f\u80fd\u3002",
  "discovererName": "Jakub Palaczynski and Pawel Bartunek.",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.symantec.com/security-center/network-protection-security-advisories/SA146",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-36162",
  "openTime": "2017-12-05",
  "patchDescription": "Symantec ProxySG\u548cAdvanced Secure Gateway\uff08ASG\uff09\u90fd\u662f\u7f8e\u56fd\u8d5b\u95e8\u94c1\u514b\uff08Symantec\uff09\u516c\u53f8\u7684\u5b89\u5168\u7f51\u5173\u8bbe\u5907\u3002\r\n\r\nSymantec ProxySG\u548cASG\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u7ba1\u7406\u63a7\u5236\u53f0\u529f\u80fd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Symantec ProxySG\u548cAdvanced Secure Gateway\u8fdc\u7a0b\u6388\u6743\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Symantec Symantec ProxySG",
      "Symantec Advanced Secure Gateway"
    ]
  },
  "referenceLink": "https://www.securitytracker.com/id/1039701",
  "serverity": "\u9ad8",
  "submitTime": "2017-11-03",
  "title": "Symantec ProxySG\u548cAdvanced Secure Gateway\u8fdc\u7a0b\u6388\u6743\u7ed5\u8fc7\u6f0f\u6d1e"
}

GHSA-QJW8-FQFP-G4FH

Vulnerability from github – Published: 2022-05-13 01:08 – Updated: 2022-05-13 01:08

Details

Severity ?

7.2 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-9097"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-11T14:30:00Z",
    "severity": "HIGH"
  },
  "details": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.",
  "id": "GHSA-qjw8-fqfp-g4fh",
  "modified": "2022-05-13T01:08:51Z",
  "published": "2022-05-13T01:08:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9097"
    },
    {
      "type": "WEB",
      "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101530"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039701"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2016-9097

Vulnerability from fkie_nvd - Published: 2017-05-11 14:30 - Updated: 2025-04-20 01:37

Severity ?

7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@symantec.com	http://www.securityfocus.com/bid/101530	Third Party Advisory, VDB Entry
secure@symantec.com	http://www.securitytracker.com/id/1039701	Third Party Advisory, VDB Entry
secure@symantec.com	https://www.symantec.com/security-center/network-protection-security-advisories/SA146	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101530	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039701	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.symantec.com/security-center/network-protection-security-advisories/SA146	Vendor Advisory

Impacted products

Vendor	Product	Version
broadcom	advanced_secure_gateway	6.6
broadcom	advanced_secure_gateway	6.6.3
broadcom	advanced_secure_gateway	6.6.4
broadcom	advanced_secure_gateway	6.6.4.3
broadcom	advanced_secure_gateway	6.6.5.1
broadcom	symantec_proxysg	6.5
broadcom	symantec_proxysg	6.5.1
broadcom	symantec_proxysg	6.5.2
broadcom	symantec_proxysg	6.5.2.10
broadcom	symantec_proxysg	6.5.4.1
broadcom	symantec_proxysg	6.5.5.7
broadcom	symantec_proxysg	6.5.6.1
broadcom	symantec_proxysg	6.5.7.6
broadcom	symantec_proxysg	6.5.9.2
broadcom	symantec_proxysg	6.5.9.8
broadcom	symantec_proxysg	6.5.9.10
broadcom	symantec_proxysg	6.5.9.14
broadcom	symantec_proxysg	6.6
broadcom	symantec_proxysg	6.6.2
broadcom	symantec_proxysg	6.6.2.1
broadcom	symantec_proxysg	6.6.2.2
broadcom	symantec_proxysg	6.6.3
broadcom	symantec_proxysg	6.6.3.2
broadcom	symantec_proxysg	6.6.4
broadcom	symantec_proxysg	6.6.4.1
broadcom	symantec_proxysg	6.6.4.3
broadcom	symantec_proxysg	6.6.5
broadcom	symantec_proxysg	6.7
broadcom	symantec_proxysg	6.7.1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A541B285-4265-4AED-80FC-AE02C1372645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "445E76D3-2ACF-4BA6-ADC2-53BBA53C5184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "017EEF7C-C07F-445F-9F8B-0D9539857470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA1AF395-4E93-4343-A0AE-ABCC0B34D2E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E715F75B-AFFA-4662-9E51-30C10EA0CBF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C90E531A-A9AF-47F4-BDC5-E40AEE3CCFD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CFDCAF4-7B89-4E12-88B2-EBD85845D8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "70F87807-F8FB-468F-9E44-4DEF2B7C4C3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3493C4B-2CFE-4957-93CC-807154C074CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F2B8572-B369-489C-A7FA-1B635A66A9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5158A3A-11AD-4D64-92B6-AE7656E6E5A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D868AE5A-6D8D-4DC6-81C4-56E10DCE40A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8F1C6C8-B3E5-4787-BFCC-2E07ECDC6A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3BED641-6C64-49BA-8CA1-EF4B01DAF0B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8508498-0FCF-4DB3-A718-A685AA2D2299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A1F6F5F-580E-401C-AE85-56497636132A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEDDE433-6FC5-4B4B-8DE2-1485486D7A16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "004F99F2-E750-4FC5-A2A6-65FD1C918676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4854655-722B-4504-9A7C-C2211C98194D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65BB092-04AD-496F-9CB5-7F6D6E6118C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "38CCDA77-BD6F-4D0E-A305-94294B4CB1B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "16B96153-D19F-4345-9DE8-A7E27EDE7282",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE3894E-B218-4A0A-9AA8-C13D26722A2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3047126-01AB-435D-8D22-832B21BE6A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "682DFD13-7BEC-4044-9927-68C4C856A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "82D43CCC-6154-4213-BD5E-D367DE8995EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EC52CDF-739B-49B1-8668-9D55B2E3E2C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A561A9-EA6E-461B-89FA-FA60F40C14B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:symantec_proxysg:6.7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9141EEA0-9E3D-4772-8AC1-CE5F2FCE188F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges."
    },
    {
      "lang": "es",
      "value": "Las consolas de administraci\u00f3n Advanced Secure Gateway (ASG) versiones 6.6 anteriores a 6.6.5.8, ProxySG versiones 6.5 anteriores a 6.5.10.6, ProxySG versiones 6.6 anteriores a 6.6.5.8 y ProxySG versiones 6.7 anteriores a 6.7.1.2 de Symantec, no autorizan correctamente, bajo determinadas circunstancias, a usuarios administradores. Un administrador malicioso con acceso de solo lectura puede explotar esta vulnerabilidad para acceder a la funcionalidad de consola de administraci\u00f3n que requiere privilegios de acceso de lectura y escritura."
    }
  ],
  "id": "CVE-2016-9097",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 8.5,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-11T14:30:16.360",
  "references": [
    {
      "source": "secure@symantec.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101530"
    },
    {
      "source": "secure@symantec.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039701"
    },
    {
      "source": "secure@symantec.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039701"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146"
    }
  ],
  "sourceIdentifier": "secure@symantec.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2016-9097

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-9097

Aliases

CVE-2016-9097

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-9097",
    "description": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.",
    "id": "GSD-2016-9097"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-9097"
      ],
      "details": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.",
      "id": "GSD-2016-9097",
      "modified": "2023-12-13T01:21:21.419828Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@symantec.com",
        "DATE_PUBLIC": "2017-10-30T00:00:00",
        "ID": "CVE-2016-9097",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Symantec Advanced Secure Gateway (ASG) and ProxySG",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, ProxySG 6.7 prior to 6.7.1.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Symantec Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper user authorization"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "101530",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/101530"
          },
          {
            "name": "1039701",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039701"
          },
          {
            "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146",
            "refsource": "CONFIRM",
            "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.6.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:symantec_proxysg:6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "ID": "CVE-2016-9097"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA146"
            },
            {
              "name": "1039701",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039701"
            },
            {
              "name": "101530",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/101530"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 8.5,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-07-08T16:37Z",
      "publishedDate": "2017-05-11T14:30Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-9097 (GCVE-0-2016-9097)

VAR-201705-3126

CNVD-2017-36162

GHSA-QJW8-FQFP-G4FH

FKIE_CVE-2016-9097

GSD-2016-9097

Tags

Sightings

Nomenclature