CVE-2015-4523
high-risk
Published 2017-09-11
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis.
Do I need to act?
~
5.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.3/10
Critical
LOCAL
/ LOW complexity
Affected Products (2)
Affected Vendors
References (2)
Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa97
Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa97
50
/ 100
high-risk
Severity
28/34 · Critical
Exploitability
15/34 · Moderate
Exposure
7/34 · Low