Vulnerability Report

CVE-2016-9091

RCE

Title: Bluecoat Advanced Secure Gateway RCE

RCE

Proof Of Concept

PoC Available for CVE-2016-9091

CWE Category CWE-78

Published Date Apr 05, 2017

Modified Date May 13, 2026

Exploit Status Available

Score 7.2 CVSS v3.0

Exploit Probability (EPSS)

36.51%

Vulnerability Summary

CVE-2016-9091: Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.

Impacted Vendors

bluecoat 2

broadcom 1

Reference Links

http://www.securityfocus.com/bid/97372 https://bto.bluecoat.com/security-advisory/sa138 https://www.exploit-db.com/exploits/41785/ https://www.exploit-db.com/exploits/41786/ http://www.securityfocus.com/bid/97372 https://bto.bluecoat.com/security-advisory/sa138 https://www.exploit-db.com/exploits/41785/ https://www.exploit-db.com/exploits/41786/

CVSS v3.0

Source Entity [email protected]

Severity HIGH

7.2

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

Source Entity [email protected]

Severity HIGH

9.0

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:S/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2016-9091 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/41786

View Code

Exploit-DB https://www.exploit-db.com/exploits/41785

View Code

May 13, 2026 MODIFIED