Privilege escalation in BlueCoat ProxySG

Published: 2017-10-31 13:28:16
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVSSv2: 5.9 (AV:N/AC:L/Au:S/C:P/I:P/A:C/E:U/RL:OF/RC:C)
CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE ID: CVE-2016-9097
CWE ID: CWE-284
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: ProxySG
Vulnerable software versions:
ProxySG 6.5.4
ProxySG 6.5.3 6
ProxySG 6.5.3 5
Vendor URL: Blue Coat Systems
Advisory type: Public

Security Advisory

1) Privilege escalation

Description

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists due to an access control flaw in the web interface. A remote attacker with read-only administrator access can gain write privileges, allowing them to modify the appliance settings and policy configuration and perform arbitrary management tasks via the management console.

Remediation

The vulnerability is addressed in the following versions: 6.5.10.6, 6.6.5.8, 6.7.1.2.
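
As an added example (not part of the advisory or of vendor tooling), the following script triages an appliance inventory against the fixed releases listed above. It assumes that any release on the 6.5, 6.6 or 6.7 branch older than that branch's fixed release still needs the upgrade; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed releases per SGOS branch, from the Remediation section of this advisory.
FIXED = {(6, 5): (6, 5, 10, 6), (6, 6): (6, 6, 5, 8), (6, 7): (6, 7, 1, 2)}

def parse_version(text):
    """Turn '6.5.10.6' into (6, 5, 10, 6); short forms are zero-padded."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+){1,3}", text):
        raise ValueError(f"not a dotted version: {text!r}")
    nums = tuple(int(p) for p in text.split("."))
    return nums + (0,) * (4 - len(nums))

def classify(version):
    """Return 'patched', 'needs-upgrade', 'unknown-branch' or 'unparseable'."""
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"
    fixed = FIXED.get(v[:2])
    if fixed is None:
        # The advisory names no fixed release for this branch; do not guess.
        return "unknown-branch"
    # Tuple comparison is numeric per component, so 6.5.10.6 > 6.5.4
    # (a plain string comparison would order them the other way round).
    return "patched" if v >= fixed else "needs-upgrade"

def triage(inventory):
    """Map each hostname to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {
    "proxy-a.example.net": "6.5.4",
    "proxy-b.example.net": "6.5.10.6",
    "proxy-c.example.net": "6.6.5.7",
    "proxy-d.example.net": "6.7.2.1",
    "proxy-e.example.net": "6.4.6.1",
    "proxy-f.example.net": "SGOS 6.5",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:22} {SAMPLE[host]:10} {status}")
```

Appliances reported as `unknown-branch` or `unparseable` need a manual check against the vendor advisory linked below.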

External links

https://www.symantec.com/security-center/network-protection-security-advisories/SA146
