CVSS2 Base Score: 7.9 High

Metric | Value |
---|---|
Attack Vector | ADJACENT_NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.003 Low (Percentile 65.3%)
Changes to Blue Coat ProxySG local users do not take effect immediately, giving an attacker with known credentials a window of opportunity to use those credentials even if the user was deleted or the password was changed. (CWE-361)
Blue Coat Security Advisory SA77 states:
SGOS supports multiple types of authentication realms for authenticating administrative and proxy users. Most authentication realms use remote authentication databases. Locally defined users and user lists are in the local authentication realm. The local authentication realm is typically used for administrative and console access, but can be used for proxy users as well.
When local users change their password, are deleted, or are removed from or added to a user list, changes may take up to 15 minutes to take effect due to caching. If another password-related event (such as a correct login with the new password or a rejected login due to incorrect password) occurs, the time for changes to take effect may be shorter.
An attacker who knows the account password can exploit this gap to gain unauthorized administrative access through the Management Console, or the SSH or serial console if the local realm is used for console access. A deleted user would continue to have network access for up to 15 minutes.
Additional details may be found in the full Blue Coat Security Advisory.
An attacker with knowledge of existing credentials may be able to log in as that user even after the account was deleted. If the local realm is used for console access then the credentials may be used to compromise administrative access.
Apply an Update
Apply the appropriate patch for the affected version in use.
* ProxySG 6.5 – A fix is available in 6.5.4 and later.
* ProxySG 6.4 – A fix is not yet available as of 6.4.6.1.
* ProxySG 6.3 – Please upgrade to a later version.
* ProxySG 6.2 – A fix is not yet available as of 6.2.15.3.
* ProxySG 6.1 – A fix is not yet available as of 6.1.6.3.
* ProxySG 5.5 – A fix is not yet available as of 5.5.11.3.
* ProxySG 5.4 and earlier – Please upgrade to a later version.
* After changing a password, immediately log in with the new password or attempt to log in with an incorrect password.
* After disabling an account, immediately attempt to use that account with an incorrect password.
* Use non-local realm authentication types such as LDAP, certificate, and SAML.
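The following is an added illustration of the time-and-state problem (CWE-361) the advisory describes and of why the workarounds above shorten the window. It is not Blue Coat's code and does not describe SGOS internals; the cache model is an assumption: each user has a cached credential snapshot with a 15-minute TTL, a submitted password that matches the snapshot is accepted without consulting the authoritative store, and any mismatch (a login with the new password, or with a wrong password) forces a refresh from the store. The `eager_invalidation` flag stands in for the fixed behaviour, where the cache entry is dropped as soon as the account changes. The user name and passwords are constructed sample values.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# "Up to 15 minutes" from the advisory; a fixed TTL is an assumption of this model.
CACHE_TTL = 15 * 60

# Low iteration count so the demo runs quickly; a real store would use far more.
def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

@dataclass
class Snapshot:
    salt: Optional[bytes]    # None means "user does not exist" at the time of the snapshot
    digest: Optional[bytes]
    expires_at: float

class LocalRealm:
    """Authoritative user store plus a per-user verdict cache (assumed design)."""

    def __init__(self, clock: Callable[[], float], eager_invalidation: bool = False):
        self.clock = clock
        self.eager = eager_invalidation
        self.store: Dict[str, Tuple[bytes, bytes]] = {}
        self.cache: Dict[str, Snapshot] = {}

    # --- administrative changes, applied to the authoritative store ---
    def set_password(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.store[user] = (salt, _digest(password, salt))
        if self.eager:                     # fixed behaviour: stale entry is dropped at once
            self.cache.pop(user, None)

    def delete_user(self, user: str) -> None:
        self.store.pop(user, None)
        if self.eager:
            self.cache.pop(user, None)

    # --- authentication path ---
    def _refresh(self, user: str) -> Snapshot:
        rec = self.store.get(user)
        snap = Snapshot(rec[0], rec[1], self.clock() + CACHE_TTL) if rec \
            else Snapshot(None, None, self.clock() + CACHE_TTL)
        self.cache[user] = snap
        return snap

    @staticmethod
    def _verify(snap: Snapshot, password: str) -> bool:
        if snap.digest is None or snap.salt is None:
            return False
        return hmac.compare_digest(_digest(password, snap.salt), snap.digest)

    def authenticate(self, user: str, password: str) -> bool:
        snap = self.cache.get(user)
        if snap is not None and snap.expires_at > self.clock() and self._verify(snap, password):
            return True                    # served from cache: may be stale (the vulnerability)
        snap = self._refresh(user)         # any mismatch or expiry consults the store
        return self._verify(snap, password)

def run_scenario(eager: bool, workaround: bool) -> dict:
    """Does the superseded credential still work after a password change and after deletion?"""
    now = [0.0]                            # controllable clock so the TTL can be advanced
    realm = LocalRealm(clock=lambda: now[0], eager_invalidation=eager)
    realm.set_password("proxyadmin", "Old-Passw0rd")        # constructed sample account
    realm.authenticate("proxyadmin", "Old-Passw0rd")        # a normal login primes the cache

    realm.set_password("proxyadmin", "New-Passw0rd")
    if workaround:                         # advisory workaround: log in with the new password
        realm.authenticate("proxyadmin", "New-Passw0rd")
    old_after_change = realm.authenticate("proxyadmin", "Old-Passw0rd")

    realm.authenticate("proxyadmin", "New-Passw0rd")        # re-prime cache with current credential
    realm.delete_user("proxyadmin")
    if workaround:                         # advisory workaround: a wrong-password attempt forces a refresh
        realm.authenticate("proxyadmin", "definitely-wrong")
    cred_after_delete = realm.authenticate("proxyadmin", "New-Passw0rd")

    now[0] += CACHE_TTL + 1                # let the cache entry expire
    after_ttl = realm.authenticate("proxyadmin", "New-Passw0rd")
    return {"old_after_change": old_after_change,
            "cred_after_delete": cred_after_delete,
            "after_ttl": after_ttl}

if __name__ == "__main__":
    print("cached, no workaround:", run_scenario(eager=False, workaround=False))
    print("cached, with workaround:", run_scenario(eager=False, workaround=True))
    print("eager invalidation:", run_scenario(eager=True, workaround=False))
```

In the unpatched model the old password and the deleted account both keep working until the TTL lapses; either workaround above triggers a refresh that closes the window immediately, and eager invalidation removes the window altogether. For detection, the same observation applies in reverse: a successful login for an account that audit records show was deleted or had its password changed minutes earlier is the signature of this gap.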
221620
Updated: February 28, 2014
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 7.4 | AV:A/AC:M/Au:S/C:C/I:C/A:C |
Temporal | 6.1 | E:F/RL:OF/RC:C |
Environmental | 4.6 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to Blue Coat for reporting this vulnerability.
This document was written by Jared Allar.
CVE IDs: | CVE-2014-2033 |
---|---|
Date Public: | 2014-02-21 |
Date First Published: | |