4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
Blue Coat products that include a vulnerable version of an operating system that supports RFC 5961 are susceptible to a TCP session hijacking vulnerability. A remote, off-path attacker can infer the sequence numbers of an existing TCP connection, and either reset the connection or inject arbitrary data.
The following products are vulnerable:
CVE |Affected Version(s)|Remediation
CVE-2016-5696 | 2.1 and later | Not vulnerable, fixed in 2.1.1.1
1.3 | Upgrade to 1.3.7.3.
CVE |Affected Version(s)|Remediation
CVE-2016-5696 | 1.1 | Not available at this time
CVE |Affected Version(s)|Remediation
CVE-2016-5696 | 4.2 | Upgrade to 4.2.11.
CVE |Affected Version(s)|Remediation
CVE-2016-5696 | 1.8 and later | Not vulnerable, fixed in 1.8.1.1
1.7 | Upgrade to 1.7.2.1.
1.6 | Upgrade to later release with fixes.
1.5 | Upgrade to later release with fixes.
CVE |Affected Version(s)|Remediation
CVE-2016-5696 | 5.4 and later | Not vulnerable, fixed in 5.4.1
5.3 | Upgrade to later release with fixes.
CVE |Affected Version(s)|Remediation
CVE-2016-5696 | 5.3 | A fix will not be provided.
CVE |Affected Version(s)|Remediation
CVE-2016-5696 | 5.3 | A fix will not be provided. Customers who use NSP for USB cleaning can switch to a version of ICSP with fixes.
CVE |Affected Version(s)|Remediation
CVE-2016-5696 | 11.7 and later | Not vulnerable, fixed in 11.7.1.1
11.6 | Upgrade to 11.6.2.1.
11.2, 11.3, 11.4, 11.5 | Upgrade to later release with fixes.
CVE |Affected Version(s)|Remediation
CVE-2016-5696 | 1.1 | Upgrade to 1.1.3.1.
CVE |Affected Version(s)|Remediation
CVE-2016-5696 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1.
10.1 | Upgrade to 10.1.5.1.
9.5 | Not vulnerable
9.4 | Not vulnerable
CVE |Affected Version(s)|Remediation
CVE-2016-5696 | 7.3 and later | Not vulnerable, fixed in 7.3.1.
7.2 | Upgrade to 7.2.2.
7.1 | Not vulnerable
6.6 | Not vulnerable
CVE |Affected Version(s)|Remediation
CVE-2016-5696 | 3.11 and later | Not vulnerable, fixed in 3.11.1.1
3.10 | Not available at this time
3.9 | Upgrade to 3.9.7.1.
3.8.4FC | Upgrade to later release with fixes.
The following products have a vulnerable version of an operating system that supports RFC 5961, but are not vulnerable to known vectors of attack:
CVE |Affected Version(s)|Remediation
CVE-2016-5696 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1
6.6 | Upgrade to 6.6.5.4.
The following products are not vulnerable:
Android Mobile Agent
AuthConnector
BCAAA
Blue Coat HSM Agent for the Luna SP
CacheFlow
Client Connector
Cloud Data Protection for Salesforce
Cloud Data Protection for Salesforce Analytics
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle CRM On Demand
Cloud Data Protection for Oracle Field Service Cloud
Cloud Data Protection for Oracle Sales Cloud
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
Cloud Data Protection Policy Builder
Director
General Auth Connector Login Application
IntelligenceCenter
IntelligenceCenter Data Collector
K9
PacketShaper
PolicyCenter
ProxyAV
ProxyAV ConLog and ConLogXP
ProxyClient
ProxySG
X-Series XOS
Unified Agent
Web Isolation
Blue Coat no longer provides vulnerability information for the following products:
DLP
Please, contact Digital Guardian technical support regarding vulnerability information for DLP.
Severity / CVSSv2 | Medium / 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) References| SecurityFocus: BID 91704 / NVD: CVE-2016-5696 Impact| Denial of service, unauthorized data modification Description | A side channel flaw in TCP packet handling allows a remote attacker to send spoofed packets and hijack a TCP connection. The attacker can reset the connection or inject arbitrary data.
This Security Advisory addresses TCP session hijacking vulnerabilities in operating systems that support RFC 5961 - Improving TCPโs Robustness to Blind In-Window Attacks. RFC 5961 provides defenses against the following blind in-window attacks that affect the original TCP protocol specified in RFC 793 - Transmission Control Protocol:
According to RFC 793, TCP hosts that receive one of the packets above only need to verify that the packetโs sequence number is within the targetโs receive window. An attacker can successfully perform these attacks if they can guess sequence numbers within the targetโs receive window. RFC 5961 tightens the sequence number checks as follows:
RFC 5961 specifies a challenge ACK throttling mechanism to control the rate of outgoing challenge ACK packets and prevent them from consuming the target hostโs CPU and bandwidth resources. The throttling mechanism uses a global, system-wide counter to control the rate of challenge ACK packets among all existing network connections on the system. The counter is configurable, but uses a well-known default value N.
Security researchers have discovered that the global challenge ACK counter exposes a side channel for inferring TCP sequence numbers and hijacking existing TCP connections:
After guessing the TCP connectionโs sequence numbers, the attacker can reset the connection or inject arbitrary data.
Off-Path TCP Exploits: Global Rate Limit Considered Dangerous - <http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf>
RFC 5961 - Improving TCPโs Robustness to Blind In-Window Attacks - <https://tools.ietf.org/html/rfc5961>
RFC 793 - Transmission Control Protocol - <https://tools.ietf.org/html/rfc793>
2020-04-23 A fix will not be provided in Industrial Control System Protection (ICSP) 5.3. Please upgrade to a later release with the vulnerability fixes. Advisory status changed to Closed.
2019-10-02 Web Isolation is not vulnerable.
2019-09-21 SA 8.0 is not vulnerable. ICSP 5.4 is not vulnerable because a fix is available in 5.4.1.
2018-08-03 Customers who use NSP for USB cleaning can switch to a version of Industrial Control System Protection (ICSP) with fixes.
2018-06-29 A fix for Norman Shark Network Protection (NNP) 5.3 and Norman Shark SCADA Protection (NSP) 5.3 will not be provided.
2018-04-22 PacketShaper S-Series 11.10 is not vulnerable.
2017-11-06 ASG 6.7 is not vulnerable because a fix is available in 6.7.2.1.
2017-08-02 SSLV 4.1 is not vulnerable.
2017-07-24 PacketShaper S-Series 11.9 is not vulnerable.
2017-07-20 MC 1.10 is not vulnerable.
2017-06-22 Security Analytics 7.3 is not vulnerable.
2017-06-05 PacketShaper S-Series 11.8 is not vulnerable.
2017-05-18 CAS 2.1 is not vulnerable.
2017-03-30 MC 1.9 is not vulnerable.
2017-03-29 A fix for ASG 6.6 is available in 6.6.5.4.
2017-03-08 MC 1.8 is not vulnerable. ProxySG 6.7 is not vulnerable. SSLV 4.0 is not vulnerable. A fix for PolicyCenter S-Series is available in 1.1.3.1. Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support.
2017-01-25 A fix for Security Analytics 7.2 is available in 7.2.2.
2017-01-24 A fix for CAS 1.3 is available in 1.3.7.3.
2017-01-13 A fix in SSLV 3.9 is available in 3.9.7.1.
2017-01-10 A fix for Reporter 10.1 is available in 10.1.5.1.
2016-12-19 A fix for MAA is available in 4.2.11.
2016-12-02 A fix is available in SSLV 3.11.1.1.
2016-12-02 PacketShaper S-Series 11.7 is not vulnerable.
2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable.
2016-11-14 MC 1.7 is vulnerable and a fix for MC 1.7 is available in 1.7.2.1.
2016-11-11 SSLV 3.10 is vulnerable. A fix is not available at this time.
2016-11-04 A fix for PacketShaper S-Series is available in 11.6.2.1.
2016-09-14 initial public release
2016-09-15 ASG has a vulnerable version of an operating system that supports RFC 5961, but is not vulnerable to known vectors of attack.
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P