Published: 05/04/2017 Updated: 16/08/2017

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 910

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Blue Coat Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.4 and Content Analysis System (CAS) 1.3 prior to 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bluecoat advanced secure gateway
bluecoat content analysis system software

# Exploit Title: OS Command Injection Vulnerability in BlueCoat ASG and CAS # Date: April 3, 2017 # Exploit Authors: Chris Hebert, Peter Paccione and Corey Boyd # Contact: chrisdhebert[at]gmailcom # Vendor Security Advisory: btobluecoatcom/security-advisory/sa138 # Version: CAS 13 prior to 1374 & ASG 66 prior to 6654 are vul ...

Repository for 3 BlueCoat metasploit modules

BlueCoat_exploits Here are 3 metasploit modules I wrote for 3 POC zero-day vulnerablities my team and I discovered and published on exploit-db on April 3, 2017 bluecoat_emailreport_execrb ---> wwwexploit-dbcom/exploits/41785/ bluecoat_sudo_troubleshootingrb ---> wwwexploit-dbcom/exploits/41786/ bluecoat_sudo_updatecronrb ---> (note

CWE-78 https://bto.bluecoat.com/security-advisory/sa138 http://www.securityfocus.com/bid/97372 https://www.exploit-db.com/exploits/41786/https://www.exploit-db.com/exploits/41785/https://nvd.nist.gov https://github.com/mvdevnull/BlueCoat_exploits https://www.exploit-db.com/exploits/41785/

CVE-2016-9091

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect