Privilege escalation in BlueCoat ProxySG

Published: 2017-10-31
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2016-9097
Exploitation vector Network
Public exploit N/A
Vulnerable software
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor Blue Coat Systems

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Privilege escalation


Risk: Low


CVE-ID: CVE-2016-9097

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No


The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists due to access control flaw in the web interface. A remote read-only administrative attacker can gain write privileges to modify the appliance settings and policy configuration and perform arbitrary management tasks via the management console.


The vulnerability is addressed in the following versions:,,

Vulnerable software versions

ProxySG: 6.5 - 6.7

CPE2.3 External links

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?