Detections
Analytics

Blue Coat ProxySG Local User Modification Race Condition

high Nessus Plugin ID 72726

Language:

Synopsis

The remote device is potentially affected by a race condition issue.

Description

The remote Blue Coat ProxySG device's SGOS self-reported version is prior to 6.5.4.0. It is, therefore, potentially affected by a race condition issue during the time before the new changes take effect after a local user account modification due to configuration caching. User account modifications include password changes, user account deletion, or the addition or removal of a user account to a user list.

Note that this issue only affects user accounts using local realm authentication.

Solution

Upgrade to version 6.5.4.0 or refer to the vendor.

See Also

http://web.archive.org/web/20140323100022/https://kb.bluecoat.com/index?page=content&id=SA77

Plugin Details

Severity: High

ID: 72726

File Name: bluecoat_proxy_sg_6_5_4.nasl

Version: 1.11

Type: local

Family: Firewalls

Published: 2/27/2014

Updated: 11/26/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.9

Temporal Score: 5.8

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2014-2033

Vulnerability Information

CPE: cpe:/o:bluecoat:sgos

Required KB Items: Settings/ParanoidReport, Host/BlueCoat/ProxySG/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 2/21/2014

Vulnerability Publication Date: 2/21/2014

Reference Information

CVE: CVE-2014-2033

BID: 66054

CERT: 221620