CVE-2016-9091

high-risk

Published 2017-04-05

Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.

Do I need to act?

36.5% chance of exploitation in next 30 days

EPSS score — higher than 63% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

2 public exploits available

41786, 41785

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.2/10 High

NETWORK / LOW complexity

Affected Products (2)

Advanced Secure Gateway

Content Analysis System Software

Affected Vendors

Bluecoat

References (8)

Third Party Advisory http://www.securityfocus.com/bid/97372

Mitigation https://bto.bluecoat.com/security-advisory/sa138

https://www.exploit-db.com/exploits/41785/

https://www.exploit-db.com/exploits/41786/

Third Party Advisory http://www.securityfocus.com/bid/97372

Mitigation https://bto.bluecoat.com/security-advisory/sa138

https://www.exploit-db.com/exploits/41785/

https://www.exploit-db.com/exploits/41786/

/ 100

high-risk

Severity 26/34 · High

Exploitability 23/34 · High

Exposure 7/34 · Low