Blue Coat ProxySG Local User Modification Race Condition

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote device is potentially affected by a race condition issue.

Description :

The remote Blue Coat ProxySG device's SGOS self-reported version is
prior to 6.5.4.0. It is, therefore, potentially affected by a race
condition issue during the time before the new changes take effect after
a local user account modification due to configuration caching. User
account modifications include password changes, user account deletion,
or the addition or removal of a user account to a user list.

Note that this issue only affects user accounts using local realm
authentication.

See also :

https://kb.bluecoat.com/index?page=content&id=SA77

Solution :

Upgrade to version 6.5.4.0 or refer to the vendor.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 6.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Firewalls

Nessus Plugin ID: 72726 ()

Bugtraq ID: 66054

CVE ID: CVE-2014-2033