#VU9013 Privilege escalation in ProxySG - CVE-2016-9097
Published: October 31, 2017
Vulnerability identifier: #VU9013
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-9097
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
ProxySG
ProxySG
Software vendor:
Blue Coat Systems
Blue Coat Systems
Description
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists due to access control flaw in the web interface. A remote read-only administrative attacker can gain write privileges to modify the appliance settings and policy configuration and perform arbitrary management tasks via the management console.
The weakness exists due to access control flaw in the web interface. A remote read-only administrative attacker can gain write privileges to modify the appliance settings and policy configuration and perform arbitrary management tasks via the management console.
Remediation
The vulnerability is addressed in the following versions: 6.5.10.6, 6.6.5.8, 6.7.1.2.