Multiple Bluecoat Products CVE-2016-9091 Command Injection Vulnerability

Multiple Bluecoat Products are prone to command-injection vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary OS commands on the affected system with elevated system privileges. This may aid in further attacks.

The following products are affected:

Advanced Secure Gateway 6.6 prior to 6.6.5.4 is vulnerable.
Content Analysis System 1.3 prior to 1.3.7.4 is vulnerable.

Information

Bugtraq ID: 97372
Class: Input Validation Error
CVE: CVE-2016-9091

Remote: Yes
Local: Yes
Published: Apr 03 2017 12:00AM
Credit: Peter Paccione, Chris Hebert, and Corey Boyd.
Vulnerable: Bluecoat Content Analysis System 1.3
Bluecoat Advanced Secure Gateway 6.6

Not Vulnerable: Bluecoat Content Analysis System 1.3.7.4
Bluecoat Advanced Secure Gateway 6.6.5.4

Exploit

The following exploit is available:

• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb
• /data/vulnerabilities/exploits/97372.rb

References:

• BlueCoat Homepage (BlueCoat)
  
• SA138: OS Command Injection Vulnerability in ASG and CAS (bluecoat)
  

Source: www.securityfocus.com