CVE-2014-2033

The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials.

CVSS v2.0 7.9 HIGH

7.9^/10

CVSS v2.0 : HIGH

Vector : AV:A/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 5.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.kb.cert.org/vuls/id/221620	US Government Resource
https://kb.bluecoat.com/index?page=content&id=SA77	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:bluecoat:proxysgos::::::::
	cpe:2.3:o:bluecoat:proxysgos::::::::
	cpe:2.3:o:bluecoat:proxysgos::::::::
	cpe:2.3:o:bluecoat:proxysgos::::::::
	cpe:2.3:o:bluecoat:proxysgos::::::::
	cpe:2.3:o:bluecoat:proxysgos:6.3:::::::*

History

No history.

Information

Published : 2014-03-02 17:55

Updated : 2024-02-04 18:35

NVD link : CVE-2014-2033

Mitre link : CVE-2014-2033

CVE.ORG link : CVE-2014-2033

JSON object : View

Products Affected

bluecoat

proxysgos

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2014-2033", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.9, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-03-02T17:55:02.893", "references": [{"url": "http://www.kb.cert.org/vuls/id/221620", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://kb.bluecoat.com/index?page=content&id=SA77", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials."}, {"lang": "es", "value": "La funcionalidad de cacheo en SGOS en Blue Coat ProxySG 5.5 hasta 5.5.11.3, 6.1 hasta 6.1.6.3, 6.2 hasta 6.2.15.3, 6.4 hasta 6.4.6.1 y 6.3 y 6.5 anterior a 6.5.4 permite a usuarios remotos autenticados evadir restricciones de acceso durante una ventana de tiempo despu\u00e9s del borrado o modificaci\u00f3n de cuenta mediante el aprovechamiento de conocimiento de credenciales anteriormente validos."}], "lastModified": "2018-12-12T16:59:37.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bluecoat:proxysgos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFC09402-BB52-4A29-8875-80CD3702F15C", "versionEndIncluding": "5.5.11.3", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:bluecoat:proxysgos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A19413F5-6223-4D98-B2E4-9BA73175DC45", "versionEndIncluding": "6.1.6.3", "versionStartIncluding": "6.1"}, {"criteria": "cpe:2.3:o:bluecoat:proxysgos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3511EC7D-9A5B-4867-A987-98AE342D486F", "versionEndIncluding": "6.2.15.3", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:bluecoat:proxysgos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE01D1A6-31D0-499D-ACF0-22E7CB022D5C", "versionEndIncluding": "6.4.6.1", "versionStartIncluding": "6.4"}, {"criteria": "cpe:2.3:o:bluecoat:proxysgos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED0D8A5F-0DE5-448D-A4F2-7D64214269EF", "versionEndExcluding": "6.5.4", "versionStartIncluding": "6.5"}, {"criteria": "cpe:2.3:o:bluecoat:proxysgos:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F750EA19-F0BD-4B43-9DE9-9EA041DF12C2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}