VAR-201008-0399
Vulnerability from variot - Updated: 2022-05-17 01:45
Blue Coat ProxySG is a proxy device platform that helps organizations accelerate and protect applications in distributed networks. An administrator account limited to read-only permissions can run only a small number of commands and cannot change the ProxySG configuration; the commands it may enter in the management console and the CLI are restricted by the ProxySG. An attacker can send commands through an HTTPS URL, bypassing the permission restrictions and allowing an administrator with only read permissions to execute all administrator commands. Blue Coat ProxySG is prone to a remote security-bypass vulnerability. A successful attack will result in the complete compromise of an affected appliance. This issue affects the following versions: Blue Coat ProxySG 5.5, Blue Coat ProxySG 5.4, Blue Coat ProxySG 5.3, Blue Coat ProxySG 4.3, Blue Coat ProxySG 4.2.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201008-0399",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proxysg",
"scope": "eq",
"trust": 0.6,
"vendor": "blue coat",
"version": "4.2"
},
{
"model": "proxysg",
"scope": "eq",
"trust": 0.6,
"vendor": "blue coat",
"version": "4.3"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.5"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.4"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.3"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.3"
},
{
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2"
},
{
"model": "coat systems proxysg",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "5.5.3.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1615"
},
{
"db": "BID",
"id": "42490"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Thierry Zoller",
"sources": [
{
"db": "BID",
"id": "42490"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Blue Coat ProxySG is a proxy device platform that helps organizations accelerate and protect applications in distributed networks. An administrator limit value with only read permissions allows a small number of commands to be run, the ProxySG configuration cannot be changed, and the commands entered in the management console and CLI are restricted in the ProxySG. An attacker can send commands through an HTTPS URL, bypassing permission restrictions, and allowing administrators with only read permissions to execute all administrator commands. Blue Coat ProxySG is prone to a remote security-bypass vulnerability. A successful attack will result in the complete compromise of an affected appliance. \nThis issue affects the following versions:\nBlue Coat ProxySG 5.5\nBlue Coat ProxySG 5.4\nBlue Coat ProxySG 5.3\nBlue Coat ProxySG 4.3\nBlue Coat ProxySG 4.2",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1615"
},
{
"db": "BID",
"id": "42490"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "42490",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2010-1615",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1615"
},
{
"db": "BID",
"id": "42490"
}
]
},
"id": "VAR-201008-0399",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1615"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1615"
}
]
},
"last_update_date": "2022-05-17T01:45:43.336000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Blue Coat ProxySG privilege restricts remote security bypass vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/828"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1615"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa45http"
},
{
"trust": 0.3,
"url": "http://www.bluecoat.com/products/sg"
},
{
"trust": 0.3,
"url": "http://www.bluecoat.com"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa45"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1615"
},
{
"db": "BID",
"id": "42490"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-1615"
},
{
"db": "BID",
"id": "42490"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-08-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1615"
},
{
"date": "2010-08-16T00:00:00",
"db": "BID",
"id": "42490"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-08-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1615"
},
{
"date": "2010-08-16T00:00:00",
"db": "BID",
"id": "42490"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "42490"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Blue Coat ProxySG Privilege Restricted Remote Security Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1615"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "42490"
}
],
"trust": 0.3
}
}