Vulnerability Details : CVE-2016-9097
The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges.
Products affected by CVE-2016-9097
- cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.7:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.14:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.6.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.6.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.6.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.6.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.6.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:symantec_proxysg:6.7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:advanced_secure_gateway:6.6.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9097
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 59 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9097
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.0
|
HIGH | AV:N/AC:L/Au:S/C:P/I:P/A:C |
8.0
|
8.5
|
NIST | |
7.2
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
CWE ids for CVE-2016-9097
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9097
-
https://www.symantec.com/security-center/network-protection-security-advisories/SA146
SA146: Improper User Authorization in ProxySG and ASGVendor Advisory
-
http://www.securityfocus.com/bid/101530
ProxySG and ASG CVE-2016-9097 Remote Authorization Bypass VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1039701
Blue Coat ProxySG Lets Remote Authenticated Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
Jump to