Vulnerability Description
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bluecoat | Advanced Secure Gateway | <= 6.6.5.2 |
| Bluecoat | Content Analysis System Software | <= 1.3.7.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/97372Third Party AdvisoryVDB Entry
- https://bto.bluecoat.com/security-advisory/sa138MitigationVendor Advisory
- https://www.exploit-db.com/exploits/41785/
- https://www.exploit-db.com/exploits/41786/
- http://www.securityfocus.com/bid/97372Third Party AdvisoryVDB Entry
- https://bto.bluecoat.com/security-advisory/sa138MitigationVendor Advisory
- https://www.exploit-db.com/exploits/41785/
- https://www.exploit-db.com/exploits/41786/
FAQ
What is CVE-2016-9091?
CVE-2016-9091 is a vulnerability with a CVSS score of 7.2 (HIGH). Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious adm...
How severe is CVE-2016-9091?
CVE-2016-9091 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-9091?
Check the references section above for vendor advisories and patch information. Affected products include: Bluecoat Advanced Secure Gateway, Bluecoat Content Analysis System Software.