High severity7.2NVD Advisory· Published Apr 5, 2017· Updated May 13, 2026

CVE-2016-9091

Description

Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.

Affected products

Bluecoat/Advanced Secure Gateway
cpe:2.3:a:bluecoat:advanced_secure_gateway:*:*:*:*:*:*:*:*
Range: <=6.6.5.2
Bluecoat/Content Analysis System Software
cpe:2.3:a:bluecoat:content_analysis_system_software:*:*:*:*:*:*:*:*
Range: <=1.3.7.3
Symantec Corporation/Blue Coat ASGv5
Range: 6.6 prior to 6.6.5.4
Symantec Corporation/Blue Coat CASv5
Range: 1.3 prior to 1.3.7.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/97372nvdThird Party AdvisoryVDB Entry
bto.bluecoat.com/security-advisory/sa138nvdMitigationVendor Advisory
www.exploit-db.com/exploits/41785/nvd
www.exploit-db.com/exploits/41786/nvd

News mentions

No linked articles in our index yet.

cvss	0.468
epss	0.029
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000