Privilege escalation in ProxySG - CVE-2016-9097
Published: October 31, 2017
Vulnerability identifier: #VU9013
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-9097
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Blue Coat Systems
Affected software:
ProxySG
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists due to an access control flaw in the web interface. A remote attacker with read-only administrative access can gain write privileges, modify the appliance settings and policy configuration, and perform arbitrary management tasks via the management console.
How to mitigate CVE-2016-9097
The vulnerability is addressed in the following versions: 6.5.10.6, 6.6.5.8, 6.7.1.2.
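The fixed releases above sit on three separate branches (6.5.x, 6.6.x, 6.7.x), so a plain "is my version newer than 6.7.1.2" comparison would misjudge a patched 6.5.10.6 or 6.6.5.8 appliance. The following script is an added example, not part of the advisory or of any Blue Coat tooling: it parses dotted version strings, picks the fixed release on the same major.minor branch as the installed version, and reports each appliance as fixed, vulnerable, or unknown (no fixed release listed for that branch). The inventory of appliance versions at the bottom is constructed sample data; the advisory does not state which older branches are affected, so the script deliberately does not guess for them.

```python
"""Added example: branch-aware check of ProxySG versions against the
fixed releases listed for CVE-2016-9097 (6.5.10.6, 6.6.5.8, 6.7.1.2).
Not code from the advisory or the vendor."""

from typing import Dict, Optional, Tuple

# Fixed releases as stated in the advisory, one per maintenance branch.
FIXED_VERSIONS: Tuple[str, ...] = ("6.5.10.6", "6.6.5.8", "6.7.1.2")


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '6.6.5.8' into (6, 6, 5, 8). Rejects anything that is not
    dotted decimal so a typo in an inventory does not silently compare
    as an unrelated value."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def fixed_version_for_branch(version: str) -> Optional[str]:
    """Return the fixed release on the same major.minor branch as
    `version`, or None when the advisory lists no fix for that branch."""
    branch = parse_version(version)[:2]
    for fixed in FIXED_VERSIONS:
        if parse_version(fixed)[:2] == branch:
            return fixed
    return None


def assess(version: str) -> str:
    """Classify an installed version as 'fixed', 'vulnerable' or
    'unknown'. Tuple comparison handles different component counts:
    (6, 6, 5) sorts below (6, 6, 5, 8), so a truncated version string
    is treated as older rather than newer."""
    fixed = fixed_version_for_branch(version)
    if fixed is None:
        # Branch not covered by the advisory; do not guess either way.
        return "unknown"
    if parse_version(version) >= parse_version(fixed):
        return "fixed"
    return "vulnerable"


def assess_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each appliance name to its assessment; bad version strings
    are reported as 'invalid' instead of aborting the whole run."""
    results: Dict[str, str] = {}
    for name, version in inventory.items():
        try:
            results[name] = assess(version)
        except ValueError:
            results[name] = "invalid"
    return results


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample_inventory = {
        "proxy-dc1-01": "6.6.5.8",   # exactly the fixed 6.6 release
        "proxy-dc1-02": "6.6.4.3",   # 6.6 branch, below the fix
        "proxy-dc2-01": "6.5.10.6",  # exactly the fixed 6.5 release
        "proxy-dc2-02": "6.7.0.1",   # 6.7 branch, below the fix
        "proxy-lab-01": "6.4.9.9",   # branch not listed in the advisory
        "proxy-lab-02": "6.6.x",     # malformed entry
    }
    for host, verdict in sorted(assess_inventory(sample_inventory).items()):
        print(f"{host:14} {sample_inventory[host]:10} {verdict}")
```

Run it as-is to see the sample verdicts, or replace `sample_inventory` with the output of your own asset inventory. Anything reported as "unknown" or "invalid" needs a manual look rather than being treated as safe.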