CVE-2016-9091

HIGH

Blue Coat ASG <6.6.5.4 & CAS <1.3.7.4 - Command Injection

Title source: llm

Description

Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Chris Hebert · rubyremotelinux

https://www.exploit-db.com/exploits/41785

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Chris Hebert · rubylocallinux

https://www.exploit-db.com/exploits/41786

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97372

[Mitigation, Vendor Advisory] https://bto.bluecoat.com/security-advisory/sa138

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/41785/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/41786/

Scores

CVSS v3 7.2

EPSS 0.3651

EPSS Percentile 97.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (4)

bluecoat/advanced_secure_gateway < 6.6.5.2

bluecoat/content_analysis_system_software < 1.3.7.3

Symantec Corporation/Blue Coat ASG 6.6 prior to 6.6.5.4

Symantec Corporation/Blue Coat CAS 1.3 prior to 1.3.7.4

Published Apr 05, 2017

Tracked Since Feb 18, 2026