Vulnerabilities related to citrix - netscaler_gateway
cve-2020-8187
Vulnerability from cvelistv5
Published
2020-07-10 15:35
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.
References
URL | Tags |
---|---|
https://support.citrix.com/article/CTX276688 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Citrix ADC, Citrix Gateway | 11.1-63.9, 12.0-62.10 (recorded with status "affected"; the summary describes versions before these builds as vulnerable) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:28.243Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX276688", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Citrix ADC, Citrix Gateway", vendor: "n/a", versions: [ { status: "affected", version: "11.1-63.9, 12.0-62.10", }, ], }, ], descriptions: [ { lang: "en", value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "Improper Input Validation (CWE-20)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-10T15:35:56", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX276688", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2020-8187", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Citrix ADC, Citrix Gateway", version: { version_data: [ { version_value: "11.1-63.9, 12.0-62.10", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Input Validation (CWE-20)", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX276688", refsource: "MISC", url: "https://support.citrix.com/article/CTX276688", }, ], }, 
}, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2020-8187", datePublished: "2020-07-10T15:35:56", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-08-04T09:56:28.243Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3467
Vulnerability from cvelistv5
Published
2023-07-19 18:35
Modified
2024-10-24 17:43
Severity 8.0 HIGH (CVSS 3.1 from the CNA record below: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score ?
Summary
Privilege Escalation to root administrator (nsroot)
References
Impacted products
Vendor | Product | Version |
---|---|---|
Citrix | NetScaler ADC | 13.1 (before 49.13), 13.0 (before 91.13), 13.1-FIPS (before 37.159), 12.1-FIPS (before 55.297), 12.1-NDcPP (before 55.297) |
Citrix | NetScaler Gateway | 13.1 (before 49.13), 13.0 (before 91.13) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:55:03.548Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-3467", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-24T17:43:30.373172Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T17:43:49.602Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "NetScaler ADC ", vendor: "Citrix", versions: [ { lessThan: "49.13", status: "affected", version: "13.1", versionType: "patch", }, { lessThan: "91.13", status: "affected", version: "13.0", versionType: "patch", }, { lessThan: "37.159", status: "affected", version: "13.1-FIPS", versionType: "patch", }, { lessThan: "55.297", status: "affected", version: "12.1-FIPS", versionType: "patch", }, { lessThan: "55.297", status: "affected", version: "12.1-NDcPP", versionType: "patch", }, ], }, { defaultStatus: "unaffected", product: "NetScaler Gateway", vendor: "Citrix", versions: [ { lessThan: "49.13", status: "affected", version: "13.1", versionType: "patch", }, { lessThan: "91.13", status: "affected", version: "13.0", versionType: "patch", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Privilege Escalation to root administrator (nsroot)</span><br>", }, ], value: "Privilege Escalation to root administrator (nsroot)\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: 
"ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-19T18:35:56.843Z", orgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", shortName: "Citrix", }, references: [ { url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", assignerShortName: "Citrix", cveId: "CVE-2023-3467", datePublished: "2023-07-19T18:35:56.843Z", dateReserved: "2023-06-29T21:04:13.952Z", dateUpdated: "2024-10-24T17:43:49.602Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6809
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
EPSS score ?
Summary
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.
References
URL | Tags |
---|---|
https://support.citrix.com/article/CTX232161 | x_refsource_CONFIRM |
http://www.securitytracker.com/id/1040440 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:10:11.276Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX232161", }, { name: "1040440", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040440", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-01T00:00:00", descriptions: [ { lang: "en", value: "NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-06T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX232161", }, { name: "1040440", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040440", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6809", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: 
"https://support.citrix.com/article/CTX232161", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX232161", }, { name: "1040440", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040440", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6809", datePublished: "2018-03-06T20:00:00", dateReserved: "2018-02-07T00:00:00", dateUpdated: "2024-08-05T06:10:11.276Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8194
Vulnerability from cvelistv5
Published
2020-07-10 15:38
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
References
URL | Tags |
---|---|
https://support.citrix.com/article/CTX276688 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP | Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7 (recorded with status "affected"; the summary describes versions before these builds as vulnerable) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:27.601Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX276688", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", vendor: "n/a", versions: [ { status: "affected", version: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7", }, ], }, ], descriptions: [ { lang: "en", value: "Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "Code Injection (CWE-94)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-10T15:38:54", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX276688", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2020-8194", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", version: { version_data: [ { version_value: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 
and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Code Injection (CWE-94)", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX276688", refsource: "MISC", url: "https://support.citrix.com/article/CTX276688", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2020-8194", datePublished: "2020-07-10T15:38:54", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-08-04T09:56:27.601Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4967
Vulnerability from cvelistv5
Published
2023-10-27 18:01
Modified
2024-08-02 07:44
Severity 8.2 HIGH (CVSS 3.1 from the CNA record below: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)
EPSS score ?
Summary
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server
References
Impacted products
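Vendor | Product | Version |
---|---|---|
Cloud Software Group | NetScaler ADC | 14.1 (before 8.50), 13.1 (before 49.15), 13.0 (before 92.19), 13.1-FIPS (before 37.164), 12.1-FIPS (before 55.300), 12.1-NDcPP (before 55.300) |
Cloud Software Group | NetScaler Gateway | 14.1 (before 8.50), 13.1 (before 49.15), 13.0 (before 92.19) |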
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:44:53.479Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.citrix.com/article/CTX579459/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "NetScaler ADC", vendor: "Cloud Software Group", versions: [ { lessThan: "8.50", status: "affected", version: "14.1", versionType: "patch", }, { lessThan: "49.15", status: "affected", version: "13.1", versionType: "patch", }, { lessThan: "92.19", status: "affected", version: "13.0", versionType: "patch", }, { lessThan: "37.164", status: "affected", version: "13.1-FIPS", versionType: "patch", }, { lessThan: "55.300", status: "affected", version: "12.1-FIPS", versionType: "patch", }, { lessThan: "55.300", status: "affected", version: "12.1-NDcPP", versionType: "patch", }, ], }, { defaultStatus: "unaffected", product: "NetScaler Gateway", vendor: "Cloud Software Group", versions: [ { lessThan: "8.50", status: "affected", version: "14.1", versionType: "patch", }, { lessThan: "49.15", status: "affected", version: "13.1", versionType: "patch", }, { lessThan: "92.19", status: "affected", version: "13.0", versionType: "patch", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server", }, ], value: "Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", 
vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-27T18:01:59.707Z", orgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", shortName: "Citrix", }, references: [ { url: "https://support.citrix.com/article/CTX579459/", }, ], source: { discovery: "UNKNOWN", }, title: "Denial of service", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", assignerShortName: "Citrix", cveId: "CVE-2023-4967", datePublished: "2023-10-27T18:01:59.707Z", dateReserved: "2023-09-14T15:51:24.455Z", dateUpdated: "2024-08-02T07:44:53.479Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6548
Vulnerability from cvelistv5
Published
2024-01-17 20:11
Modified
2024-08-02 08:35
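Severity 5.5 MEDIUM (CVSS 3.1 from the CNA record below: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). The CISA ADP container in the same record marks exploitation as "active" and references the Known Exploited Vulnerabilities catalog (added 2024-01-17), so the base score alone understates patching priority.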
EPSS score ?
Summary
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
References
Impacted products
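Vendor | Product | Version |
---|---|---|
Cloud Software Group | NetScaler ADC | 14.1 (before 12.35), 13.1 (before 51.15), 13.0 (before 92.21), 13.1-FIPS (before 37.176), 12.1-FIPS (before 55.302), 12.1-NDcPP (before 55.302) |
Cloud Software Group | NetScaler Gateway | 14.1 (before 12.35), 13.1 (before 51.15), 13.0 (before 92.21) |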
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1:*:*:*:-:*:*:*", ], defaultStatus: "unknown", product: "netscaler_application_delivery_controller", vendor: "citrix", versions: [ { lessThan: "14.1-12.35", status: "affected", version: "14.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:-:*:*:*", ], defaultStatus: "unknown", product: "netscaler_application_delivery_controller", vendor: "citrix", versions: [ { lessThan: "13.1-51.15", status: "affected", version: "13.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0:*:*:*:-:*:*:*", ], defaultStatus: "unknown", product: "netscaler_application_delivery_controller", vendor: "citrix", versions: [ { lessThan: "13.0-92.21", status: "affected", version: "13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:fips:*:*:*", ], defaultStatus: "unknown", product: "netscaler_application_delivery_controller", vendor: "citrix", versions: [ { lessThan: "13.1-37.176", status: "affected", version: "13.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:fips:*:*:*", ], defaultStatus: "unknown", product: "netscaler_application_delivery_controller", vendor: "citrix", versions: [ { lessThan: "12.1-55.302", status: "affected", version: "12.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:ndcpp:*:*:*", ], defaultStatus: "unknown", product: "netscaler_application_delivery_controller", vendor: "citrix", versions: [ { lessThan: "12.1-55.302", status: "affected", version: "12.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:citrix:netscaler_gateway:14.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "netscaler_gateway", vendor: "citrix", versions: [ 
{ lessThan: "14.1-12.35", status: "affected", version: "14.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:citrix:netscaler_gateway:13.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "netscaler_gateway", vendor: "citrix", versions: [ { lessThan: "13.1-51.15", status: "affected", version: "13.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:citrix:netscaler_gateway:13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "netscaler_gateway", vendor: "citrix", versions: [ { lessThan: "13.0-92.21", status: "affected", version: "13.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-6548", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T14:00:57.375485Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-01-17", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-6548", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2024-06-25T17:14:26.335Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T08:35:14.029Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "NetScaler ADC ", vendor: "Cloud Software Group", versions: [ { lessThan: "12.35", status: "affected", version: "14.1", versionType: "patch", }, { lessThan: "51.15", status: "affected", version: "13.1", versionType: "patch", }, { lessThan: "92.21", status: "affected", version: "13.0 ", versionType: "patch", }, { lessThan: "37.176", status: "affected", version: " 
13.1-FIPS", versionType: "patch", }, { lessThan: "55.302", status: "affected", version: "12.1-FIPS", versionType: "patch", }, { lessThan: "55.302", status: "affected", version: "12.1-NDcPP", versionType: "patch", }, ], }, { defaultStatus: "unaffected", product: "NetScaler Gateway", vendor: "Cloud Software Group", versions: [ { lessThan: "12.35", status: "affected", version: "14.1", versionType: "patch", }, { lessThan: "51.15", status: "affected", version: "13.1", versionType: "patch", }, { lessThan: "92.21", status: "affected", version: "13.0", versionType: "patch", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway <span style=\"background-color: rgb(255, 255, 255);\">allows an attacker with<span style=\"background-color: rgb(255, 255, 255);\"> access</span><span style=\"background-color: rgb(255, 255, 255);\"> to NSIP, CLIP or SNIP with management interface to perform</span> <span style=\"background-color: rgb(255, 255, 255);\">Authenticated (low privileged) remote code execution on Management Interface.</span></span></span>", }, ], value: "Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: 
[ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-18T01:12:54.917Z", orgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", shortName: "Citrix", }, references: [ { url: "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", assignerShortName: "Citrix", cveId: "CVE-2023-6548", datePublished: "2024-01-17T20:11:18.462Z", dateReserved: "2023-12-06T11:01:54.643Z", dateUpdated: "2024-08-02T08:35:14.029Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-7219
Vulnerability from cvelistv5
Published
2017-04-13 14:00
Modified
2024-08-05 15:56
Severity ?
EPSS score ?
Summary
A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.
References
URL | Tags |
---|---|
https://support.citrix.com/article/CTX222657 | x_refsource_CONFIRM |
http://www.securitytracker.com/id/1038283 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/bid/97626 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:56:36.058Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX222657", }, { name: "1038283", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038283", }, { name: "97626", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97626", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-04-13T00:00:00", descriptions: [ { lang: "en", value: "A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX222657", }, { name: "1038283", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038283", }, { name: "97626", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97626", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-7219", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A heap 
overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX222657", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX222657", }, { name: "1038283", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038283", }, { name: "97626", refsource: "BID", url: "http://www.securityfocus.com/bid/97626", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-7219", datePublished: "2017-04-13T14:00:00", dateReserved: "2017-03-21T00:00:00", dateUpdated: "2024-08-05T15:56:36.058Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8196
Vulnerability from cvelistv5
Published
2020-07-10 15:39
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
References
URL | Tags |
---|---|
https://support.citrix.com/article/CTX276688 | x_refsource_MISC |
http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP | Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7 (recorded with status "affected"; the summary describes versions before these builds as vulnerable) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:28.236Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX276688", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", vendor: "n/a", versions: [ { status: "affected", version: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7", }, ], }, ], descriptions: [ { lang: "en", value: "Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "Improper Access Control - Generic (CWE-284)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-11-13T17:06:17", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX276688", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2020-8196", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", version: { version_data: [ { version_value: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix 
SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Access Control - Generic (CWE-284)", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX276688", refsource: "MISC", url: "https://support.citrix.com/article/CTX276688", }, { name: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2020-8196", datePublished: "2020-07-10T15:39:54", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-08-04T09:56:28.236Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-18225
Vulnerability from cvelistv5
Published
2019-10-21 17:09
Modified
2024-08-05 01:47
Severity ?
EPSS score ?
Summary
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX261055 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:47:14.102Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX261055", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-21T17:09:23", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX261055", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-18225", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. 
These products formerly used the NetScaler brand name.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX261055", refsource: "MISC", url: "https://support.citrix.com/article/CTX261055", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-18225", datePublished: "2019-10-21T17:09:23", dateReserved: "2019-10-21T00:00:00", dateUpdated: "2024-08-05T01:47:14.102Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8193
Vulnerability from cvelistv5
Published
2020-07-10 15:38
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX276688 | x_refsource_MISC | |
http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP |
Version: Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7 (per the summary above, these are the fixed builds; versions before them are affected) |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:27.459Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX276688", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", vendor: "n/a", versions: [ { status: "affected", version: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7", }, ], }, ], descriptions: [ { lang: "en", value: "Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "Improper Access Control - Generic (CWE-284)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-11-13T17:06:16", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX276688", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2020-8193", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", version: { version_data: [ { version_value: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 
11.1.1a, 11.0.3d and 10.2.7", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Access Control - Generic (CWE-284)", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX276688", refsource: "MISC", url: "https://support.citrix.com/article/CTX276688", }, { name: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2020-8193", datePublished: "2020-07-10T15:38:28", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-08-04T09:56:27.459Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8198
Vulnerability from cvelistv5
Published
2020-07-10 15:39
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX276688 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP |
Version: Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7 (per the summary above, these are the fixed builds; versions before them are affected) |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:27.527Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX276688", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", vendor: "n/a", versions: [ { status: "affected", version: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7", }, ], }, ], descriptions: [ { lang: "en", value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Cross-site Scripting (XSS) - Stored (CWE-79)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-10T15:39:14", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX276688", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2020-8198", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", version: { version_data: [ { version_value: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 
12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site Scripting (XSS) - Stored (CWE-79)", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX276688", refsource: "MISC", url: "https://support.citrix.com/article/CTX276688", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2020-8198", datePublished: "2020-07-10T15:39:14", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-08-04T09:56:27.527Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-5314
Vulnerability from cvelistv5
Published
2018-03-01 17:00
Modified
2024-08-05 05:33
Severity ?
EPSS score ?
Summary
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1040439 | vdb-entry, x_refsource_SECTRACK | |
https://support.citrix.com/article/CTX232199 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103186 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T05:33:44.080Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1040439", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040439", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX232199", }, { name: "103186", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103186", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-02-28T00:00:00", descriptions: [ { lang: "en", value: "Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-02T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1040439", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040439", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX232199", }, { name: "103186", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103186", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-5314", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, 
], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1040439", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040439", }, { name: "https://support.citrix.com/article/CTX232199", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX232199", }, { name: "103186", refsource: "BID", url: "http://www.securityfocus.com/bid/103186", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-5314", datePublished: "2018-03-01T17:00:00", dateReserved: "2018-01-09T00:00:00", dateUpdated: "2024-08-05T05:33:44.080Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8300
Vulnerability from cvelistv5
Published
2021-06-16 13:08
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX297155 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Citrix ADC, Citrix Gateway |
Version: Fixed in Citrix ADC and Citrix Gateway 13.0 before 13.0-82.41, Citrix ADC and Citrix Gateway 12.1 before 12.1-62.23, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:28.314Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX297155", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Citrix ADC, Citrix Gateway", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in Citrix ADC and Citrix Gateway 13.0 before 13.0-82.41, Citrix ADC and Citrix Gateway 12.1 before 12.1-62.23, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238", }, ], }, ], descriptions: [ { lang: "en", value: "Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "Improper Access Control - Generic (CWE-284)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-16T13:08:16", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX297155", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2020-8300", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Citrix ADC, Citrix Gateway", version: { version_data: [ { version_value: "Fixed in Citrix ADC and Citrix Gateway 13.0 before 13.0-82.41, Citrix ADC and Citrix Gateway 12.1 before 12.1-62.23, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, 
data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Access Control - Generic (CWE-284)", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX297155", refsource: "MISC", url: "https://support.citrix.com/article/CTX297155", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2020-8300", datePublished: "2021-06-16T13:08:16", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-08-04T09:56:28.314Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-22927
Vulnerability from cvelistv5
Published
2021-08-05 20:16
Modified
2024-08-03 18:58
Severity ?
EPSS score ?
Summary
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured as a SAML service provider that could allow an attacker to hijack a session.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX319135 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Citrix ADC, Citrix Gateway |
Version: Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0 Version: Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1 Version: Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1 Version: Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:58:26.168Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX319135", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Citrix ADC, Citrix Gateway", vendor: "n/a", versions: [ { status: "affected", version: "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0", }, { status: "affected", version: "Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1", }, { status: "affected", version: "Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1", }, { status: "affected", version: "Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS", }, ], }, ], descriptions: [ { lang: "en", value: "A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-384", description: "Session Fixation (CWE-384)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-05T20:16:42", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX319135", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2021-22927", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Citrix ADC, Citrix Gateway", version: { version_data: [ { version_value: "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0", }, { version_value: "Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1", }, { version_value: "Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1", }, { version_value: "Citrix ADC 12.1-FIPS 12.1-55.247 
and later releases of 12.1-FIPS", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Session Fixation (CWE-384)", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX319135", refsource: "MISC", url: "https://support.citrix.com/article/CTX319135", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2021-22927", datePublished: "2021-08-05T20:16:42", dateReserved: "2021-01-06T00:00:00", dateUpdated: "2024-08-03T18:58:26.168Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8197
Vulnerability from cvelistv5
Published
2020-07-10 15:40
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX276688 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Citrix ADC, Citrix Gateway |
Version: 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 (per the summary above, these are the fixed builds; versions before them are affected) |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:27.921Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX276688", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Citrix ADC, Citrix Gateway", vendor: "n/a", versions: [ { status: "affected", version: "13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18", }, ], }, ], descriptions: [ { lang: "en", value: "Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.", }, ], problemTypes: [ { descriptions: [ { description: "Privilege Escalation (CAPEC-233)", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-10T15:40:09", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX276688", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2020-8197", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Citrix ADC, Citrix Gateway", version: { version_data: [ { version_value: "13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Privilege Escalation (CAPEC-233)", }, 
], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX276688", refsource: "MISC", url: "https://support.citrix.com/article/CTX276688", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2020-8197", datePublished: "2020-07-10T15:40:09", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-08-04T09:56:27.921Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-3642
Vulnerability from cvelistv5
Published
2017-08-02 19:00
Modified
2024-08-06 05:47
Severity ?
EPSS score ?
Summary
The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
References
▼ | URL | Tags |
---|---|---|
http://support.citrix.com/article/CTX200378 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:47:58.515Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.citrix.com/article/CTX200378", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-01-20T00:00:00", descriptions: [ { lang: "en", value: "The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-02T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://support.citrix.com/article/CTX200378", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-3642", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e 
before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://support.citrix.com/article/CTX200378", refsource: "CONFIRM", url: "http://support.citrix.com/article/CTX200378", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-3642", datePublished: "2017-08-02T19:00:00", dateReserved: "2015-05-04T00:00:00", dateUpdated: "2024-08-06T05:47:58.515Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8195
Vulnerability from cvelistv5
Published
2020-07-10 15:39
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX276688 | x_refsource_MISC | |
http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP |
Version: Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7 (per the summary above, these are the fixed builds; versions before them are affected) |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:27.563Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX276688", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", vendor: "n/a", versions: [ { status: "affected", version: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7", }, ], }, ], descriptions: [ { lang: "en", value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "Improper Input Validation (CWE-20)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-11-13T17:06:17", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX276688", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2020-8195", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", version: { version_data: [ { version_value: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN 
WAN-OP 11.1.1a, 11.0.3d and 10.2.7", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Input Validation (CWE-20)", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX276688", refsource: "MISC", url: "https://support.citrix.com/article/CTX276688", }, { name: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2020-8195", datePublished: "2020-07-10T15:39:35", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-08-04T09:56:27.563Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3519
Vulnerability from cvelistv5
Published
2023-07-19 17:51
Modified
2024-08-02 06:55
Severity 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score ?
Summary
Unauthenticated remote code execution
References
Impacted products
Vendor | Product | Version |
---|---|---|
Citrix | NetScaler ADC | 13.1 before 49.13; 13.0 before 91.13; 13.1-FIPS before 37.159; 12.1-FIPS before 55.297; 12.1-NDcPP before 55.297 |
Citrix | NetScaler Gateway | 13.1 before 49.13; 13.0 before 91.13 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:55:03.597Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "NetScaler ADC ", vendor: "Citrix", versions: [ { lessThan: "49.13", status: "affected", version: "13.1", versionType: "patch", }, { lessThan: "91.13", status: "affected", version: "13.0", versionType: "patch", }, { lessThan: "37.159", status: "affected", version: "13.1-FIPS", versionType: "patch", }, { lessThan: "55.297", status: "affected", version: "12.1-FIPS", versionType: "patch", }, { lessThan: "55.297", status: "affected", version: "12.1-NDcPP", versionType: "patch", }, ], }, { defaultStatus: "unaffected", product: "NetScaler Gateway", vendor: "Citrix", versions: [ { lessThan: "49.13", status: "affected", version: "13.1", versionType: "patch", }, { lessThan: "91.13", status: "affected", version: "13.0", versionType: "patch", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Unauthenticated remote code execution</span><br>", }, ], value: "Unauthenticated remote code execution\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: 
"GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-19T17:51:39.739Z", orgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", shortName: "Citrix", }, references: [ { url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467", }, { url: "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", assignerShortName: "Citrix", cveId: "CVE-2023-3519", datePublished: "2023-07-19T17:51:39.739Z", dateReserved: "2023-07-05T22:22:26.251Z", dateUpdated: "2024-08-02T06:55:03.597Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8245
Vulnerability from cvelistv5
Published
2020-09-18 20:12
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX281474 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Citrix ADC, Citrix Gateway |
Version: Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:27.961Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX281474", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Citrix ADC, Citrix Gateway", vendor: "n/a", versions: [ { status: "affected", version: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b", }, ], }, ], descriptions: [ { lang: "en", value: "Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Cross-site Scripting (XSS) - Generic (CWE-79)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-18T20:12:07", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX281474", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2020-8245", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: 
"Citrix ADC, Citrix Gateway", version: { version_data: [ { version_value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site Scripting (XSS) - Generic (CWE-79)", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX281474", refsource: "MISC", url: "https://support.citrix.com/article/CTX281474", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2020-8245", datePublished: "2020-09-18T20:12:07", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-08-04T09:56:27.961Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8246
Vulnerability from cvelistv5
Published
2020-09-18 20:12
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX281474 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP |
Version: Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:27.947Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX281474", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP ", vendor: "n/a", versions: [ { status: "affected", version: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b", }, ], }, ], descriptions: [ { lang: "en", value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "Denial of Service (CWE-400)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-18T20:12:26", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX281474", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2020-8246", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Citrix 
ADC, Citrix Gateway, Citrix SDWAN WAN-OP ", version: { version_data: [ { version_value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service (CWE-400)", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX281474", refsource: "MISC", url: "https://support.citrix.com/article/CTX281474", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2020-8246", datePublished: "2020-09-18T20:12:26", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-08-04T09:56:27.947Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3466
Vulnerability from cvelistv5
Published
2023-07-19 18:21
Modified
2024-10-21 21:09
Severity 8.3 HIGH (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS score ?
Summary
Reflected Cross-Site Scripting (XSS)
References
Impacted products
Vendor | Product | Version |
---|---|---|
Citrix | NetScaler ADC | 13.1 before 49.13; 13.0 before 91.13; 13.1-FIPS before 37.159; 12.1-FIPS before 55.297; 12.1-NDcPP before 55.297 |
Citrix | NetScaler Gateway | 13.1 before 49.13; 13.0 before 91.13 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:55:03.525Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-3466", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-21T21:06:40.290853Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-21T21:09:28.424Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "NetScaler ADC ", vendor: "Citrix", versions: [ { lessThan: "49.13", status: "affected", version: "13.1", versionType: "patch", }, { lessThan: "91.13", status: "affected", version: "13.0", versionType: "patch", }, { lessThan: "37.159", status: "affected", version: "13.1-FIPS", versionType: "patch", }, { lessThan: "55.297", status: "affected", version: "12.1-FIPS ", versionType: "patch", }, { lessThan: "55.297", status: "affected", version: "12.1-NDcPP", versionType: "patch", }, ], }, { defaultStatus: "unaffected", product: "NetScaler Gateway", vendor: "Citrix", versions: [ { lessThan: "49.13", status: "affected", version: "13.1", versionType: "patch", }, { lessThan: "91.13", status: "affected", version: "13.0", versionType: "patch", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Reflected Cross-Site Scripting (XSS)</span><br>", }, ], value: "Reflected Cross-Site Scripting (XSS)\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", 
baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-19T18:21:05.262Z", orgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", shortName: "Citrix", }, references: [ { url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", assignerShortName: "Citrix", cveId: "CVE-2023-3466", datePublished: "2023-07-19T18:21:05.262Z", dateReserved: "2023-06-29T21:03:53.903Z", dateUpdated: "2024-10-21T21:09:28.424Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6808
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
EPSS score ?
Summary
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX232161 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040440 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:10:11.369Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX232161", }, { name: "1040440", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040440", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-01T00:00:00", descriptions: [ { lang: "en", value: "NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-06T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX232161", }, { name: "1040440", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040440", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6808", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: 
"https://support.citrix.com/article/CTX232161", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX232161", }, { name: "1040440", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040440", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6808", datePublished: "2018-03-06T20:00:00", dateReserved: "2018-02-07T00:00:00", dateUpdated: "2024-08-05T06:10:11.369Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6549
Vulnerability from cvelistv5
Published
2024-01-17 20:15
Modified
2024-08-02 08:35
Severity 8.2 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)
EPSS score ?
Summary
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read
References
Impacted products
Vendor | Product | Version |
---|---|---|
Cloud Software Group | NetScaler ADC | 14.1 before 12.35; 13.1 before 51.15; 13.0 before 92.21; 13.1-FIPS before 37.176; 12.1-FIPS before 55.302; 12.1-NDcPP before 55.302 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:35:13.934Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "NetScaler ADC ", vendor: "Cloud Software Group", versions: [ { lessThan: "12.35", status: "affected", version: "14.1", versionType: "patch", }, { lessThan: "51.15", status: "affected", version: "13.1", versionType: "patch", }, { lessThan: "92.21", status: "affected", version: "13.0 ", versionType: "patch", }, { lessThan: "37.176", status: "affected", version: " 13.1-FIPS", versionType: "patch", }, { lessThan: "55.302", status: "affected", version: "12.1-FIPS", versionType: "patch", }, { lessThan: "55.302", status: "affected", version: "12.1-NDcPP", versionType: "patch", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\"><b><span style=\"background-color: rgb(255, 255, 255);\">Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and </span></b><span style=\"background-color: rgb(255, 255, 255);\"><b>Out-Of-Bounds Memory Read</b></span></span><br>", }, ], value: "Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-10T17:29:28.138Z", orgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", shortName: "Citrix", }, references: [ { url: "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", assignerShortName: "Citrix", cveId: "CVE-2023-6549", datePublished: "2024-01-17T20:15:53.345Z", dateReserved: "2023-12-06T11:01:58.256Z", dateUpdated: "2024-08-02T08:35:13.934Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8247
Vulnerability from cvelistv5
Published
2020-09-18 20:12
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX281474 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP |
Version: Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:28.043Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX281474", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", vendor: "n/a", versions: [ { status: "affected", version: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b", }, ], }, ], descriptions: [ { lang: "en", value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "Improper Privilege Management (CWE-269)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-18T20:12:32", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX281474", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2020-8247", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Citrix ADC, 
Citrix Gateway, Citrix SDWAN WAN-OP", version: { version_data: [ { version_value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Privilege Management (CWE-269)", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX281474", refsource: "MISC", url: "https://support.citrix.com/article/CTX281474", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2020-8247", datePublished: "2020-09-18T20:12:32", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-08-04T09:56:28.043Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8299
Vulnerability from cvelistv5
Published
2021-06-16 13:08
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX297155 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition |
Version: Fixed in Citrix ADC and Citrix Gateway 13.0-76.29 and later releases of 13.0, Citrix ADC and Citrix Gateway 12.1-61.18 and later releases of 12.1, Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1, Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS, Citrix SD-WAN WANOP 11.4.0 and later releases of 11.4, Citrix SD-WAN WANOP 11.3.2 and later releases of 11.3, Citrix SD-WAN WANOP 11.3.1a and later releases of 11.3, Citrix SD-WAN WANOP 11.2.3a and later releases of 11.2, Citrix SD-WAN WANOP 11.1.2c and later releases of 11.1, Citrix SD-WAN WANOP 10.2.9a and later releases of 10.2 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:28.408Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX297155", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in Citrix ADC and Citrix Gateway 13.0-76.29 and later releases of 13.0, Citrix ADC and Citrix Gateway 12.1-61.18 and later releases of 12.1, Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1, Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS, Citrix SD-WAN WANOP 11.4.0 and later releases of 11.4, Citrix SD-WAN WANOP 11.3.2 and later releases of 11.3, Citrix SD-WAN WANOP 11.3.1a and later releases of 11.3, Citrix SD-WAN WANOP 11.2.3a and later releases of 11.2, Citrix SD-WAN WANOP 11.1.2c and later releases of 11.1, Citrix SD-WAN WANOP 10.2.9a and later releases of 10.2", }, ], }, ], descriptions: [ { lang: "en", value: "Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. 
Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "Denial of Service (CWE-400)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-16T13:08:22", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX297155", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2020-8299", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition", version: { version_data: [ { version_value: "Fixed in Citrix ADC and Citrix Gateway 13.0-76.29 and later releases of 13.0, Citrix ADC and Citrix Gateway 12.1-61.18 and later releases of 12.1, Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1, Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS, Citrix SD-WAN WANOP 11.4.0 and later releases of 11.4, Citrix SD-WAN WANOP 11.3.2 and later releases of 11.3, Citrix SD-WAN WANOP 11.3.1a and later releases of 11.3, Citrix SD-WAN WANOP 11.2.3a and later releases of 11.2, Citrix SD-WAN WANOP 11.1.2c and later releases of 11.1, Citrix SD-WAN WANOP 10.2.9a and later releases of 10.2", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. 
Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service (CWE-400)", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX297155", refsource: "MISC", url: "https://support.citrix.com/article/CTX297155", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2020-8299", datePublished: "2021-06-16T13:08:22", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-08-04T09:56:28.408Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6810
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX232161 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040440 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:10:11.331Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX232161", }, { name: "1040440", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040440", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-01T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-06T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX232161", }, { name: "1040440", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040440", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6810", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.", }, ], }, problemtype: { problemtype_data: 
[ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX232161", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX232161", }, { name: "1040440", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040440", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6810", datePublished: "2018-03-06T20:00:00", dateReserved: "2018-02-07T00:00:00", dateUpdated: "2024-08-05T06:10:11.331Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-6485
Vulnerability from cvelistv5
Published
2019-02-22 23:00
Modified
2024-08-04 20:23
Severity ?
EPSS score ?
Summary
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.
References
▼ | URL | Tags |
---|---|---|
https://github.com/RUB-NDS/TLS-Padding-Oracles | x_refsource_MISC | |
https://support.citrix.com/article/CTX240139 | x_refsource_MISC | |
http://www.securityfocus.com/bid/106783 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:23:21.376Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/RUB-NDS/TLS-Padding-Oracles", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX240139", }, { name: "106783", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106783", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-02-22T00:00:00", descriptions: [ { lang: "en", value: "Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-02-26T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/RUB-NDS/TLS-Padding-Oracles", }, { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX240139", }, { name: "106783", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106783", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-6485", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], 
}, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/RUB-NDS/TLS-Padding-Oracles", refsource: "MISC", url: "https://github.com/RUB-NDS/TLS-Padding-Oracles", }, { name: "https://support.citrix.com/article/CTX240139", refsource: "MISC", url: "https://support.citrix.com/article/CTX240139", }, { name: "106783", refsource: "BID", url: "http://www.securityfocus.com/bid/106783", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-6485", datePublished: "2019-02-22T23:00:00", dateReserved: "2019-01-18T00:00:00", dateUpdated: "2024-08-04T20:23:21.376Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2072
Vulnerability from cvelistv5
Published
2016-02-17 15:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1035098 | vdb-entry, x_refsource_SECTRACK | |
http://support.citrix.com/article/CTX206001 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:17:50.363Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1035098", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035098", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.citrix.com/article/CTX206001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-11T00:00:00", descriptions: [ { lang: "en", value: "The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-01T15:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1035098", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035098", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.citrix.com/article/CTX206001", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-2072", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 
59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1035098", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035098", }, { name: "http://support.citrix.com/article/CTX206001", refsource: "CONFIRM", url: "http://support.citrix.com/article/CTX206001", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-2072", datePublished: "2016-02-17T15:00:00", dateReserved: "2016-01-26T00:00:00", dateUpdated: "2024-08-05T23:17:50.363Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4966
Vulnerability from cvelistv5
Published
2023-10-10 13:12
Modified
2024-08-02 07:44
Severity 9.4 (CRITICAL), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
EPSS score ?
Summary
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Citrix | NetScaler ADC |
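Version: 14.1 before 8.50 Version: 13.1 before 49.15 Version: 13.0 before 92.19 Version: 13.1-FIPS before 37.164 Version: 12.1-FIPS before 55.300 Version: 12.1-NDcPP before 55.300 |
▼ | Citrix | NetScaler Gateway |
Version: 14.1 before 8.50 Version: 13.1 before 49.15 Version: 13.0 before 92.19 |
||||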
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:44:53.522Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.citrix.com/article/CTX579459", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "NetScaler ADC ", vendor: "Citrix", versions: [ { lessThan: "8.50", status: "affected", version: "14.1", versionType: "patch", }, { lessThan: "49.15", status: "affected", version: "13.1", versionType: "patch", }, { lessThan: "92.19", status: "affected", version: "13.0", versionType: "patch", }, { lessThan: "37.164", status: "affected", version: "13.1-FIPS", versionType: "patch", }, { lessThan: "55.300", status: "affected", version: "12.1-FIPS", versionType: "patch", }, { lessThan: "55.300", status: "affected", version: "12.1-NDcPP", versionType: "patch", }, ], }, { defaultStatus: "unaffected", product: "NetScaler Gateway", vendor: "Citrix", versions: [ { lessThan: "8.50", status: "affected", version: "14.1", versionType: "patch", }, { lessThan: "49.15", status: "affected", version: "13.1", versionType: "patch", }, { lessThan: "92.19", status: "affected", version: "13.0", versionType: "patch", }, ], }, ], datePublic: "2023-10-10T12:33:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<b><p><b><span style=\"background-color: transparent;\">Sensitive information disclosure </span></b><span style=\"background-color: var(--wht);\">in NetScaler ADC and NetScaler Gateway when configured as a </span><span style=\"background-color: transparent;\">Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) </span><span style=\"background-color: transparent;\">or </span><span style=\"background-color: transparent;\">AAA virtual server. 
</span><span style=\"background-color: transparent;\"><br></span><span style=\"background-color: var(--wht);\"><br></span></p></b>", }, ], value: "Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. \n\n\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 9.4, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-10T13:12:29.552Z", orgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", shortName: "Citrix", }, references: [ { url: "https://support.citrix.com/article/CTX579459", }, { url: "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html", }, ], source: { discovery: "UNKNOWN", }, title: "Unauthenticated sensitive information disclosure", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", assignerShortName: "Citrix", cveId: "CVE-2023-4966", datePublished: "2023-10-10T13:12:17.644Z", dateReserved: "2023-09-14T15:51:21.569Z", dateUpdated: "2024-08-02T07:44:53.522Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8190
Vulnerability from cvelistv5
Published
2020-07-10 15:32
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allow privilege escalation.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX276688 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Citrix ADC, Citrix Gateway |
Version: 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 (these are the fixed builds; per the summary, releases before them are affected) |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:27.603Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX276688", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Citrix ADC, Citrix Gateway", vendor: "n/a", versions: [ { status: "affected", version: "13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18", }, ], }, ], descriptions: [ { lang: "en", value: "Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.", }, ], problemTypes: [ { descriptions: [ { description: "Privilege Escalation (CAPEC-233)", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-10T15:32:34", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX276688", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2020-8190", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Citrix ADC, Citrix Gateway", version: { version_data: [ { version_value: "13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Privilege Escalation (CAPEC-233)", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX276688", refsource: "MISC", url: 
"https://support.citrix.com/article/CTX276688", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2020-8190", datePublished: "2020-07-10T15:32:34", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-08-04T09:56:27.603Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2071
Vulnerability from cvelistv5
Published
2016-02-17 15:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1035098 | vdb-entry, x_refsource_SECTRACK | |
http://support.citrix.com/article/CTX206001 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:17:50.399Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1035098", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035098", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.citrix.com/article/CTX206001", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-11T00:00:00", descriptions: [ { lang: "en", value: "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-01T15:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1035098", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035098", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.citrix.com/article/CTX206001", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-2071", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web 
GUI commands.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1035098", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035098", }, { name: "http://support.citrix.com/article/CTX206001", refsource: "CONFIRM", url: "http://support.citrix.com/article/CTX206001", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-2071", datePublished: "2016-02-17T15:00:00", dateReserved: "2016-01-26T00:00:00", dateUpdated: "2024-08-05T23:17:50.399Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12044
Vulnerability from cvelistv5
Published
2019-05-22 15:29
Modified
2024-08-04 23:10
Severity ?
EPSS score ?
Summary
A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin | x_refsource_MISC | |
https://support.citrix.com/article/CTX249976 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:10:30.180Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX249976", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-22T15:29:28", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX249976", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12044", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 
12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin", refsource: "MISC", url: "https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin", }, { name: "https://support.citrix.com/article/CTX249976", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX249976", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12044", datePublished: "2019-05-22T15:29:28", dateReserved: "2019-05-13T00:00:00", dateUpdated: "2024-08-04T23:10:30.180Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-22919
Vulnerability from cvelistv5
Published
2021-08-05 20:16
Modified
2024-08-03 18:58
Severity ?
EPSS score ?
Summary
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX319135 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP |
Version: Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0 Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1 Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1 Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS Citrix SD-WAN WANOP Edition 11.4.0a and later releases of 11.4 Citrix SD-WAN WANOP Edition 11.3.2a and later releases of 11.3 Citrix SD-WAN WANOP Edition 11.2.3b and later releases of 11.2 Citrix SD-WAN WANOP Edition 10.2.9b and later releases of 10.2 (the record marks this string "affected", but the "and later releases" wording reads like a list of fixed builds; confirm against CTX319135) |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:58:25.542Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX319135", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP", vendor: "n/a", versions: [ { status: "affected", version: "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0 Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1 Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1 Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS Citrix SD-WAN WANOP Edition 11.4.0a and later releases of 11.4 Citrix SD-WAN WANOP Edition 11.3.2a and later releases of 11.3 Citrix SD-WAN WANOP Edition 11.2.3b and later releases of 11.2 Citrix SD-WAN WANOP Edition 10.2.9b and later releases of 10.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. 
These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "Allocation of Resources Without Limits or Throttling (CWE-770)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-05T20:16:46", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX319135", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2021-22919", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP", version: { version_data: [ { version_value: "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0 Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1 Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1 Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS Citrix SD-WAN WANOP Edition 11.4.0a and later releases of 11.4 Citrix SD-WAN WANOP Edition 11.3.2a and later releases of 11.3 Citrix SD-WAN WANOP Edition 11.2.3b and later releases of 11.2 Citrix SD-WAN WANOP Edition 10.2.9b and later releases of 10.2", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. 
These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Allocation of Resources Without Limits or Throttling (CWE-770)", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX319135", refsource: "MISC", url: "https://support.citrix.com/article/CTX319135", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2021-22919", datePublished: "2021-08-05T20:16:46", dateReserved: "2021-01-06T00:00:00", dateUpdated: "2024-08-03T18:58:25.542Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8191
Vulnerability from cvelistv5
Published
2020-07-10 15:38
Modified
2024-08-04 09:56
Summary
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
References
▼ | URL | Tags |
---|---|---|
https://support.citrix.com/article/CTX276688 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP |
Version: Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7 (per the summary, the affected releases are those before these builds) |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:28.333Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.citrix.com/article/CTX276688", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", vendor: "n/a", versions: [ { status: "affected", version: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7", }, ], }, ], descriptions: [ { lang: "en", value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Cross-site Scripting (XSS) - Reflected (CWE-79)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-10T15:38:10", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.citrix.com/article/CTX276688", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2020-8191", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", version: { version_data: [ { version_value: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 
12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site Scripting (XSS) - Reflected (CWE-79)", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX276688", refsource: "MISC", url: "https://support.citrix.com/article/CTX276688", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2020-8191", datePublished: "2020-07-10T15:38:10", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-08-04T09:56:28.333Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19781
Vulnerability from cvelistv5
Published
2019-12-27 13:06
Modified
2024-08-05 02:25
Summary
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:25:12.672Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX267027", }, { name: "VU#619785", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/619785", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://twitter.com/bad_packets/status/1215431625766424576", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://forms.gle/eDf3DXZAv96oosfj6", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. 
They allow Directory Traversal.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-16T18:06:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX267027", }, { name: "VU#619785", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/619785", }, { tags: [ "x_refsource_MISC", ], url: "https://twitter.com/bad_packets/status/1215431625766424576", }, { tags: [ "x_refsource_MISC", ], url: "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/", }, { tags: [ "x_refsource_MISC", ], url: "https://forms.gle/eDf3DXZAv96oosfj6", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19781", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: 
"eng", value: "An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.citrix.com/article/CTX267027", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX267027", }, { name: "VU#619785", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/619785", }, { name: "https://twitter.com/bad_packets/status/1215431625766424576", refsource: "MISC", url: "https://twitter.com/bad_packets/status/1215431625766424576", }, { name: "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/", refsource: "MISC", url: "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/", }, { name: "https://forms.gle/eDf3DXZAv96oosfj6", refsource: "MISC", url: "https://forms.gle/eDf3DXZAv96oosfj6", }, { name: "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html", }, { name: "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html", }, { name: "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html", }, { name: 
"http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html", }, { name: "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19781", datePublished: "2019-12-27T13:06:46", dateReserved: "2019-12-13T00:00:00", dateUpdated: "2024-08-05T02:25:12.672Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6549
Vulnerability from fkie_nvd
Published
2024-01-17 21:15
Modified
2024-11-21 08:44
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
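Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read. The record below carries CISA Known Exploited Vulnerabilities fields (added 2024-01-17, action due 2024-02-07) and lists the affected ranges as ending before 12.1-55.302 (FIPS and NDcPP), 13.0-92.21, 13.1-37.176 (FIPS), 13.1-51.15 and 14.1-12.35.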
References
Impacted products
{ cisaActionDue: "2024-02-07", cisaExploitAdd: "2024-01-17", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", matchCriteriaId: "E5672003-8E6B-4316-B5C9-FE436080ADD1", versionEndExcluding: "12.1-55.302", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", matchCriteriaId: "D1A11ABD-4F45-4BA9-B30B-F1D8A612CC15", versionEndExcluding: "12.1-55.302", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", matchCriteriaId: "FC0A5AAC-62DD-416A-A801-A7A95D5EF73C", versionEndExcluding: "13.0-92.21", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", matchCriteriaId: "8C8A6B95-8338-4EE7-A6EC-7D84AEDC4AF3", versionEndExcluding: "13.1-37.176", versionStartIncluding: "13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", matchCriteriaId: "3CF77D9D-FC89-493D-B97D-F9699D182F54", versionEndExcluding: "13.1-51.15", versionStartIncluding: "13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", matchCriteriaId: "62CD82CF-9013-4E54-B175-19B804A351AA", versionEndExcluding: "14.1-12.35", versionStartIncluding: "14.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "68E1F810-ABCD-40A7-A8C1-4E8727799C7C", versionEndExcluding: "13.0-92.21", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E870C309-D5CD-4181-9DEB-4833DE2EAEB7", versionEndExcluding: "13.1-51.15", versionStartIncluding: "13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "2836707F-A36F-479E-BFDC-CF55AEFC37EE", versionEndExcluding: "14.1-12.35", versionStartIncluding: "14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read\n", }, { lang: "es", value: "La restricción inadecuada de las operaciones dentro de los límites de un búfer de memoria en NetScaler ADC y NetScaler Gateway permite una denegación de servicio no autenticada", }, ], id: "CVE-2023-6549", lastModified: "2024-11-21T08:44:04.727", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.2, source: "secure@citrix.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-17T21:15:11.690", references: [ { source: "secure@citrix.com", tags: [ "Vendor Advisory", ], url: 
"https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549", }, ], sourceIdentifier: "secure@citrix.com", vulnStatus: "Undergoing Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "secure@citrix.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2018-6808
Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:11
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securitytracker.com/id/1040440 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://support.citrix.com/article/CTX232161 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040440 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX232161 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*", matchCriteriaId: "D8C7525B-2A2D-43AF-8DA0-11FF28322337", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*", matchCriteriaId: "CB678AF5-12B4-41D0-A381-46EE277313B7", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*", matchCriteriaId: "123D42E1-3CDD-4D46-82F6-8982DE716F7E", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*", matchCriteriaId: "FFCE3458-6750-4773-BA18-CAA67A6093D4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*", matchCriteriaId: "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*", matchCriteriaId: "D2C6F82C-9969-4A6E-88C8-AB8BB0AAD3C7", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*", matchCriteriaId: "A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*", matchCriteriaId: "B9F3ED0E-7F3D-477B-B645-77DA5FC7F502", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", 
value: "NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.", }, { lang: "es", value: "NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y12.0 permiten que atacantes remotos descarguen archivos arbitrarios en el sistema objetivo.", }, ], id: "CVE-2018-6808", lastModified: "2024-11-21T04:11:13.900", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-06T20:29:01.063", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040440", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX232161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040440", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX232161", }, ], 
sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2019-19781
Vulnerability from fkie_nvd
Published
2019-12-27 14:15
Modified
2024-11-21 04:35
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
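An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. The record below also carries CISA Known Exploited Vulnerabilities fields (added 2021-11-03, required action: apply updates per vendor instructions), and the CISA entry names the impact as code execution rather than traversal alone.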
References
Impacted products
{ cisaActionDue: "2022-05-03", cisaExploitAdd: "2021-11-03", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*", matchCriteriaId: "D56F2AAF-4658-484C-9A3A-D8A52BA5B10C", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*", matchCriteriaId: "8CE9E655-0D97-4DCF-AC2F-79DCD12770E5", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*", matchCriteriaId: "49454F7D-77B5-46DF-B95C-312AF2E68EAD", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1:*:*:*:*:*:*:*", matchCriteriaId: "201246D4-1E22-4F28-9683-D6A9FD0F7A6B", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:13.0:*:*:*:*:*:*:*", matchCriteriaId: "A3A50966-5554-4919-B6CE-BD8F6FF991D8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*", matchCriteriaId: "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*", matchCriteriaId: "A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*", matchCriteriaId: "B9F3ED0E-7F3D-477B-B645-77DA5FC7F502", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1:*:*:*:*:*:*:*", matchCriteriaId: 
"58349F8E-3177-413A-9CBE-BB454DCD31E4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:gateway_firmware:13.0:*:*:*:*:*:*:*", matchCriteriaId: "A80EAFB1-82DA-49BE-815D-D248624B442C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.", }, { lang: "es", value: "Se descubrió un problema en Citrix Application Delivery Controller (ADC) and Gateway versiones 10.5, 11.1, 12.0, 12.1 y 13.0. 
Permiten un salto de directorio.", }, ], id: "CVE-2019-19781", lastModified: "2024-11-21T04:35:22.303", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-27T14:15:12.070", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html", }, { source: "cve@mitre.org", 
tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://forms.gle/eDf3DXZAv96oosfj6", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX267027", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://twitter.com/bad_packets/status/1215431625766424576", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/619785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Broken Link", "Third Party Advisory", ], url: "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://forms.gle/eDf3DXZAv96oosfj6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX267027", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://twitter.com/bad_packets/status/1215431625766424576", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/619785", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2020-8196
Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
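Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 results in limited information disclosure to low-privileged users. The record below carries CISA Known Exploited Vulnerabilities fields (added 2021-11-03, required action: apply updates per vendor instructions), and its two sources classify the weakness differently: CWE-284 from support@hackerone.com and CWE-287 from nvd@nist.gov.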
References
▼ | URL | Tags | |
---|---|---|---|
support@hackerone.com | http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html | Third Party Advisory, VDB Entry | |
support@hackerone.com | https://support.citrix.com/article/CTX276688 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX276688 | Vendor Advisory |
Impacted products
{ cisaActionDue: "2022-05-03", cisaExploitAdd: "2021-11-03", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC8327D0-8B64-44AF-A230-AAE32F3526CF", versionEndExcluding: "10.5-70.18", versionStartIncluding: "10.5", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D4807513-1157-4CE3-8998-9C5EB9BBDA3E", versionEndExcluding: "11.1-64.14", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "165076F2-014F-46F9-A1AB-2256D935A21B", versionEndExcluding: "12.0-63.21", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D6AE49E6-A6B9-4E2B-9AFB-7F1808D052F6", versionEndExcluding: "12.1-57.18", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03868D24-B1C0-4245-AE28-0960CF2816C1", versionEndExcluding: "13.0-58.30", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA7AAC01-A7CB-48F4-A25D-4A29479CD0DA", versionEndExcluding: "10.5-70.18", versionStartIncluding: "10.5", vulnerable: true, }, { criteria: 
"cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "61C33096-91FD-4387-8B90-C8981DB7F926", versionEndExcluding: "11.1-64.14", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7605821F-21B0-4F9D-AAD1-F901CED00585", versionEndExcluding: "12.0-63.21", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6FA8946F-75C2-4515-9EBE-E1884B35ECF1", versionEndExcluding: "12.1-57.18", versionStartIncluding: "12.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E6D0CC10-FE91-40E4-BFFD-11BE41DD4269", versionEndExcluding: "13.0-58.30", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "B7DF63BB-CCE6-4405-8E6D-6DF1BC975D3D", versionEndExcluding: "10.2.7", versionStartIncluding: "10.2", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "1D1A5E7D-C3A7-48B8-BD6D-5973F8361DEC", versionEndExcluding: "11.0.3d", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "0471F1F0-F804-47BA-98A1-7080E1C740E7", versionEndExcluding: "11.1.1a", versionStartIncluding: "11.1", 
vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "25C848BC-98F7-41D4-A262-8B7EB304F4C1", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "F3979EFF-AE6E-4274-97E2-58C7E01C920E", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "C87AF39E-6BCF-4188-BAB1-A5CBDEBF662E", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "38514675-1C15-460C-B34C-2633A8A36A78", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.", }, { lang: "es", value: "Un control de acceso inapropiado en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, resulta en una divulgación de información limitada para usuarios poco privilegiados", }, ], id: "CVE-2020-8196", lastModified: "2024-11-21T05:38:28.883", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: 
"NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-10T16:15:12.407", references: [ { source: "support@hackerone.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", }, { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Severity ?
Summary
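Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
Note: the record below carries CISA Known Exploited Vulnerabilities fields (cisaExploitAdd 2021-11-03, cisaActionDue 2022-05-03, required action "Apply updates per vendor instructions.") and one of its references is tagged Exploit, so prioritise patching above what the Medium CVSS 3.1 base score of 6.5 alone would suggest.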
References
▼ | URL | Tags | |
---|---|---|---|
support@hackerone.com | http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html | Exploit, Third Party Advisory, VDB Entry | |
support@hackerone.com | https://support.citrix.com/article/CTX276688 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX276688 | Vendor Advisory |
Impacted products
{ cisaActionDue: "2022-05-03", cisaExploitAdd: "2021-11-03", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC8327D0-8B64-44AF-A230-AAE32F3526CF", versionEndExcluding: "10.5-70.18", versionStartIncluding: "10.5", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D4807513-1157-4CE3-8998-9C5EB9BBDA3E", versionEndExcluding: "11.1-64.14", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "165076F2-014F-46F9-A1AB-2256D935A21B", versionEndExcluding: "12.0-63.21", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D6AE49E6-A6B9-4E2B-9AFB-7F1808D052F6", versionEndExcluding: "12.1-57.18", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03868D24-B1C0-4245-AE28-0960CF2816C1", versionEndExcluding: "13.0-58.30", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA7AAC01-A7CB-48F4-A25D-4A29479CD0DA", versionEndExcluding: "10.5-70.18", versionStartIncluding: "10.5", vulnerable: true, }, { criteria: 
"cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "61C33096-91FD-4387-8B90-C8981DB7F926", versionEndExcluding: "11.1-64.14", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7605821F-21B0-4F9D-AAD1-F901CED00585", versionEndExcluding: "12.0-63.21", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6FA8946F-75C2-4515-9EBE-E1884B35ECF1", versionEndExcluding: "12.1-57.18", versionStartIncluding: "12.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E6D0CC10-FE91-40E4-BFFD-11BE41DD4269", versionEndExcluding: "13.0-58.30", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "B7DF63BB-CCE6-4405-8E6D-6DF1BC975D3D", versionEndExcluding: "10.2.7", versionStartIncluding: "10.2", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "1D1A5E7D-C3A7-48B8-BD6D-5973F8361DEC", versionEndExcluding: "11.0.3d", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "0471F1F0-F804-47BA-98A1-7080E1C740E7", versionEndExcluding: "11.1.1a", versionStartIncluding: "11.1", 
vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "25C848BC-98F7-41D4-A262-8B7EB304F4C1", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "F3979EFF-AE6E-4274-97E2-58C7E01C920E", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "C87AF39E-6BCF-4188-BAB1-A5CBDEBF662E", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "38514675-1C15-460C-B34C-2633A8A36A78", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.", }, { lang: "es", value: "Un control de acceso inapropiado en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, permite un acceso no autenticado a determinados endpoints de URL", }, ], id: "CVE-2020-8193", lastModified: "2024-11-21T05:38:28.530", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: 
"NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-10T16:15:12.157", references: [ { source: "support@hackerone.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", }, { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:11
Severity ?
Summary
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securitytracker.com/id/1040440 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://support.citrix.com/article/CTX232161 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040440 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX232161 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*", matchCriteriaId: "D8C7525B-2A2D-43AF-8DA0-11FF28322337", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*", matchCriteriaId: "CB678AF5-12B4-41D0-A381-46EE277313B7", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*", matchCriteriaId: "123D42E1-3CDD-4D46-82F6-8982DE716F7E", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*", matchCriteriaId: "FFCE3458-6750-4773-BA18-CAA67A6093D4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*", matchCriteriaId: "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*", matchCriteriaId: "D2C6F82C-9969-4A6E-88C8-AB8BB0AAD3C7", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*", matchCriteriaId: "A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*", matchCriteriaId: "B9F3ED0E-7F3D-477B-B645-77DA5FC7F502", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", 
value: "NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.", }, { lang: "es", value: "NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y12.0 permiten que atacantes remotos obtengan privilegios en el sistema objetivo.", }, ], id: "CVE-2018-6809", lastModified: "2024-11-21T04:11:14.047", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-06T20:29:01.127", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040440", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX232161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040440", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX232161", }, ], 
sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Severity ?
Summary
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
References
▼ | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://support.citrix.com/article/CTX276688 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX276688 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC8327D0-8B64-44AF-A230-AAE32F3526CF", versionEndExcluding: "10.5-70.18", versionStartIncluding: "10.5", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D4807513-1157-4CE3-8998-9C5EB9BBDA3E", versionEndExcluding: "11.1-64.14", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "165076F2-014F-46F9-A1AB-2256D935A21B", versionEndExcluding: "12.0-63.21", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D6AE49E6-A6B9-4E2B-9AFB-7F1808D052F6", versionEndExcluding: "12.1-57.18", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03868D24-B1C0-4245-AE28-0960CF2816C1", versionEndExcluding: "13.0-58.30", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA7AAC01-A7CB-48F4-A25D-4A29479CD0DA", versionEndExcluding: "10.5-70.18", versionStartIncluding: "10.5", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "61C33096-91FD-4387-8B90-C8981DB7F926", versionEndExcluding: "11.1-64.14", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: 
"cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7605821F-21B0-4F9D-AAD1-F901CED00585", versionEndExcluding: "12.0-63.21", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6FA8946F-75C2-4515-9EBE-E1884B35ECF1", versionEndExcluding: "12.1-57.18", versionStartIncluding: "12.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E6D0CC10-FE91-40E4-BFFD-11BE41DD4269", versionEndExcluding: "13.0-58.30", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "B7DF63BB-CCE6-4405-8E6D-6DF1BC975D3D", versionEndExcluding: "10.2.7", versionStartIncluding: "10.2", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "1D1A5E7D-C3A7-48B8-BD6D-5973F8361DEC", versionEndExcluding: "11.0.3d", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "0471F1F0-F804-47BA-98A1-7080E1C740E7", versionEndExcluding: "11.1.1a", versionStartIncluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "25C848BC-98F7-41D4-A262-8B7EB304F4C1", vulnerable: false, }, { criteria: 
"cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "F3979EFF-AE6E-4274-97E2-58C7E01C920E", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "C87AF39E-6BCF-4188-BAB1-A5CBDEBF662E", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "38514675-1C15-460C-B34C-2633A8A36A78", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).", }, { lang: "es", value: "Una comprobación de entrada inapropiada en versiones de Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, permite un ataque de tipo Cross Site Scripting (XSS) reflejado", }, ], id: "CVE-2020-8191", lastModified: "2024-11-21T05:38:28.313", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-10T16:15:12.077", references: [ { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Severity ?
Summary
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
References
▼ | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://support.citrix.com/article/CTX276688 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX276688 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC8327D0-8B64-44AF-A230-AAE32F3526CF", versionEndExcluding: "10.5-70.18", versionStartIncluding: "10.5", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D4807513-1157-4CE3-8998-9C5EB9BBDA3E", versionEndExcluding: "11.1-64.14", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "165076F2-014F-46F9-A1AB-2256D935A21B", versionEndExcluding: "12.0-63.21", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D6AE49E6-A6B9-4E2B-9AFB-7F1808D052F6", versionEndExcluding: "12.1-57.18", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03868D24-B1C0-4245-AE28-0960CF2816C1", versionEndExcluding: "13.0-58.30", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA7AAC01-A7CB-48F4-A25D-4A29479CD0DA", versionEndExcluding: "10.5-70.18", versionStartIncluding: "10.5", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "61C33096-91FD-4387-8B90-C8981DB7F926", versionEndExcluding: "11.1-64.14", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: 
"cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7605821F-21B0-4F9D-AAD1-F901CED00585", versionEndExcluding: "12.0-63.21", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6FA8946F-75C2-4515-9EBE-E1884B35ECF1", versionEndExcluding: "12.1-57.18", versionStartIncluding: "12.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E6D0CC10-FE91-40E4-BFFD-11BE41DD4269", versionEndExcluding: "13.0-58.30", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "B7DF63BB-CCE6-4405-8E6D-6DF1BC975D3D", versionEndExcluding: "10.2.7", versionStartIncluding: "10.2", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "1D1A5E7D-C3A7-48B8-BD6D-5973F8361DEC", versionEndExcluding: "11.0.3d", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "0471F1F0-F804-47BA-98A1-7080E1C740E7", versionEndExcluding: "11.1.1a", versionStartIncluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "25C848BC-98F7-41D4-A262-8B7EB304F4C1", vulnerable: false, }, { criteria: 
"cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "F3979EFF-AE6E-4274-97E2-58C7E01C920E", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "C87AF39E-6BCF-4188-BAB1-A5CBDEBF662E", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "38514675-1C15-460C-B34C-2633A8A36A78", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.", }, { lang: "es", value: "Una inyección de código reflejado en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, permite la modificación de una descarga de archivo", }, ], id: "CVE-2020-8194", lastModified: "2024-11-21T05:38:28.647", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-10T16:15:12.247", references: [ { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-10 14:15
Modified
2024-11-21 08:36
Severity ?
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
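Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Note: the record below carries CISA Known Exploited Vulnerabilities fields (cisaExploitAdd 2023-10-18, cisaActionDue 2023-11-08), and the required action is to apply mitigations and kill all active and persistent sessions per vendor instructions, or discontinue use of the product if mitigations are unavailable. Treat session termination as part of remediation rather than the update alone; the third-party reference title describes session token leakage, which is presumably why existing sessions must be invalidated.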
References
▼ | URL | Tags | |
---|---|---|---|
secure@citrix.com | http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html | Third Party Advisory, VDB Entry | |
secure@citrix.com | https://support.citrix.com/article/CTX579459 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX579459 | Vendor Advisory |
Impacted products
{ cisaActionDue: "2023-11-08", cisaExploitAdd: "2023-10-18", cisaRequiredAction: "Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", matchCriteriaId: "492BEB4B-7A4B-47C2-93D1-2B0683AA3A20", versionEndExcluding: "12.1-55.300", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", matchCriteriaId: "81EF12C2-4197-4C0D-BE11-556F05DAD646", versionEndExcluding: "12.1-55.300", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", matchCriteriaId: "9EEC53B2-686A-4C6F-98DE-5D6AE804B0A8", versionEndExcluding: "13.0-92.19", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", matchCriteriaId: "109301A8-9ADD-4A49-9C45-D21A4DA840E9", versionEndExcluding: "13.1-37.164", versionStartIncluding: "13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", matchCriteriaId: "5C1739C5-48C1-46BC-A524-B4CC4C5B6436", versionEndExcluding: "13.1-49.15", versionStartIncluding: "13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", matchCriteriaId: "9148C36D-98B4-4166-8B9A-449EA86BA4B1", versionEndExcluding: "14.1-8.50", versionStartIncluding: "14.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", 
matchCriteriaId: "5FB1412D-F8D8-4592-A8A9-C1B841B93D5E", versionEndExcluding: "13.0-92.19", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "28A08B32-D145-499F-866E-BEEEDEBB2901", versionEndExcluding: "13.1-49.15", versionStartIncluding: "13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "4F1610E6-FE48-4339-8E74-765E0517E33D", versionEndExcluding: "14.1-8.50", versionStartIncluding: "14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. \n\n\n\n", }, { lang: "es", value: "Divulgación de información confidencial en NetScaler ADC y NetScaler Gateway cuando se configura como Gateway (servidor virtual VPN, ICA Proxy, CVPN, RDP Proxy) o servidor \"virtual\" AAA.", }, ], id: "CVE-2023-4966", lastModified: "2024-11-21T08:36:21.617", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 9.4, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.5, source: "secure@citrix.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: 
"nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-10T14:15:10.977", references: [ { source: "secure@citrix.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html", }, { source: "secure@citrix.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX579459", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX579459", }, ], sourceIdentifier: "secure@citrix.com", vulnStatus: "Undergoing Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "secure@citrix.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-19 18:15
Modified
2024-11-21 08:17
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Unauthenticated remote code execution
References
Impacted products
{ cisaActionDue: "2023-08-09", cisaExploitAdd: "2023-07-19", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", matchCriteriaId: "8927B2FA-F87E-4D81-AC29-9032184ECB7E", versionEndExcluding: "12.1-55.297", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", matchCriteriaId: "9845E7B1-5604-497D-8241-048E91987C13", versionEndExcluding: "12.1-55.297", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", matchCriteriaId: "AD949674-8DC1-4B0D-8C0C-F593539E12F1", versionEndExcluding: "13.0-91.13", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", matchCriteriaId: "BD0739E3-F7A4-463C-96B0-9D7BDBF218C4", versionEndExcluding: "13.1-37.159", versionStartIncluding: "13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", matchCriteriaId: "FCEED8AC-F9A9-4F75-BB32-F53967A8E9A0", versionEndExcluding: "13.1-49.13", versionStartIncluding: "13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1-65.22:*:*:*:fips:*:*:*", matchCriteriaId: "102C0D0F-AC37-43B0-8B9A-103B37436130", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "BC825A83-8D84-42C7-868F-0470FF79D497", versionEndExcluding: "13.0-91.13", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: 
"442F6925-199D-4E5B-84C1-05C4D8108B62", versionEndExcluding: "13.1-49.13", versionStartIncluding: "13.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unauthenticated remote code execution\n", }, ], id: "CVE-2023-3519", lastModified: "2024-11-21T08:17:26.603", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "secure@citrix.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-19T18:15:11.513", references: [ { source: "secure@citrix.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html", }, { source: "secure@citrix.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467", }, ], sourceIdentifier: "secure@citrix.com", vulnStatus: "Undergoing Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "secure@citrix.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-17 20:15
Modified
2024-11-21 08:44
Severity ?
5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface access to perform authenticated (low-privileged) remote code execution on the management interface.
References
Impacted products
{ cisaActionDue: "2024-01-24", cisaExploitAdd: "2024-01-17", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", matchCriteriaId: "E5672003-8E6B-4316-B5C9-FE436080ADD1", versionEndExcluding: "12.1-55.302", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", matchCriteriaId: "D1A11ABD-4F45-4BA9-B30B-F1D8A612CC15", versionEndExcluding: "12.1-55.302", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", matchCriteriaId: "FC0A5AAC-62DD-416A-A801-A7A95D5EF73C", versionEndExcluding: "13.0-92.21", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", matchCriteriaId: "8C8A6B95-8338-4EE7-A6EC-7D84AEDC4AF3", versionEndExcluding: "13.1-37.176", versionStartIncluding: "13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", matchCriteriaId: "3CF77D9D-FC89-493D-B97D-F9699D182F54", versionEndExcluding: "13.1-51.15", versionStartIncluding: "13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", matchCriteriaId: "62CD82CF-9013-4E54-B175-19B804A351AA", versionEndExcluding: "14.1-12.35", versionStartIncluding: "14.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "68E1F810-ABCD-40A7-A8C1-4E8727799C7C", versionEndExcluding: "13.0-92.21", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E870C309-D5CD-4181-9DEB-4833DE2EAEB7", versionEndExcluding: "13.1-51.15", versionStartIncluding: "13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "2836707F-A36F-479E-BFDC-CF55AEFC37EE", versionEndExcluding: "14.1-12.35", versionStartIncluding: "14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.", }, { lang: "es", value: "El control inadecuado de la generación de código (\"inyección de código\") en NetScaler ADC y NetScaler Gateway permite a un atacante con acceso a NSIP, CLIP o SNIP con interfaz de administración realizar una ejecución remota de código autenticado (con privilegios bajos) en Management Interface.", }, ], id: "CVE-2023-6548", lastModified: "2024-11-21T08:44:04.570", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "LOW", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 3.4, source: "secure@citrix.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, 
impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-17T20:15:50.627", references: [ { source: "secure@citrix.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549", }, ], sourceIdentifier: "secure@citrix.com", vulnStatus: "Undergoing Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "secure@citrix.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:11
Severity ?
Summary
Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securitytracker.com/id/1040440 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://support.citrix.com/article/CTX232161 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040440 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX232161 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*", matchCriteriaId: "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*", matchCriteriaId: "D2C6F82C-9969-4A6E-88C8-AB8BB0AAD3C7", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*", matchCriteriaId: "A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*", matchCriteriaId: "B9F3ED0E-7F3D-477B-B645-77DA5FC7F502", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*", matchCriteriaId: "D8C7525B-2A2D-43AF-8DA0-11FF28322337", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*", matchCriteriaId: "CB678AF5-12B4-41D0-A381-46EE277313B7", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*", matchCriteriaId: "123D42E1-3CDD-4D46-82F6-8982DE716F7E", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*", matchCriteriaId: "FFCE3458-6750-4773-BA18-CAA67A6093D4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", 
value: "Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y12.0 permite que atacantes remotos salten el directorio en el sistema objetivo mediante una petición manipulada.", }, ], id: "CVE-2018-6810", lastModified: "2024-11-21T04:11:14.190", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-06T20:29:01.203", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040440", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX232161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040440", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX232161", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Severity ?
Summary
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 results in Stored Cross-Site Scripting (XSS).
References
▼ | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://support.citrix.com/article/CTX276688 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX276688 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC8327D0-8B64-44AF-A230-AAE32F3526CF", versionEndExcluding: "10.5-70.18", versionStartIncluding: "10.5", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D4807513-1157-4CE3-8998-9C5EB9BBDA3E", versionEndExcluding: "11.1-64.14", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "165076F2-014F-46F9-A1AB-2256D935A21B", versionEndExcluding: "12.0-63.21", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D6AE49E6-A6B9-4E2B-9AFB-7F1808D052F6", versionEndExcluding: "12.1-57.18", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03868D24-B1C0-4245-AE28-0960CF2816C1", versionEndExcluding: "13.0-58.30", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA7AAC01-A7CB-48F4-A25D-4A29479CD0DA", versionEndExcluding: "10.5-70.18", versionStartIncluding: "10.5", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "61C33096-91FD-4387-8B90-C8981DB7F926", versionEndExcluding: "11.1-64.14", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: 
"cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7605821F-21B0-4F9D-AAD1-F901CED00585", versionEndExcluding: "12.0-63.21", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6FA8946F-75C2-4515-9EBE-E1884B35ECF1", versionEndExcluding: "12.1-57.18", versionStartIncluding: "12.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E6D0CC10-FE91-40E4-BFFD-11BE41DD4269", versionEndExcluding: "13.0-58.30", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "B7DF63BB-CCE6-4405-8E6D-6DF1BC975D3D", versionEndExcluding: "10.2.7", versionStartIncluding: "10.2", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "1D1A5E7D-C3A7-48B8-BD6D-5973F8361DEC", versionEndExcluding: "11.0.3d", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "0471F1F0-F804-47BA-98A1-7080E1C740E7", versionEndExcluding: "11.1.1a", versionStartIncluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "25C848BC-98F7-41D4-A262-8B7EB304F4C1", vulnerable: false, }, { criteria: 
"cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "F3979EFF-AE6E-4274-97E2-58C7E01C920E", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "C87AF39E-6BCF-4188-BAB1-A5CBDEBF662E", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "38514675-1C15-460C-B34C-2633A8A36A78", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).", }, { lang: "es", value: "Una comprobación de entrada inapropiada en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, resulta en una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado", }, ], id: "CVE-2020-8198", lastModified: "2024-11-21T05:38:29.103", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-10T16:15:12.560", references: [ { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-18 21:15
Modified
2024-11-21 05:38
Severity ?
Summary
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.
References
▼ | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://support.citrix.com/article/CTX281474 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX281474 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AD2A238E-72C4-4D74-B902-2EE8E602AAC1", versionEndExcluding: "11.1-65.12", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1C991579-B6B8-4F07-9AF9-739452F1F5AA", versionEndExcluding: "12.1-58.15", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ED09F4AE-DCC6-4C7D-BFA1-D22E16893C97", versionEndExcluding: "13.0-64.35", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "2F98105E-37A4-46F4-BA82-A8E95372A370", versionEndExcluding: "11.1-65.12", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "178C6CA9-0068-4225-A209-E13A880ED188", versionEndExcluding: "13.0-64.35", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "CFAC08D1-1FE8-4910-9D50-F167537C7C91", versionEndExcluding: "12.1-58.15", versionStartIncluding: "12.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "D76AEFBD-225E-45D3-B604-CAF0032BA861", versionEndExcluding: "10.2.7b", versionStartIncluding: "10.2", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: 
"7296BF8E-186C-4279-AF08-C3D1282322F0", versionEndExcluding: "11.0.3f", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "92806100-D243-43CC-ACA7-DF9E95E2740D", versionEndExcluding: "11.1.2a", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "4FB67ED6-6586-4280-A521-E1EDA81C68BE", versionEndExcluding: "11.2.1a", versionStartIncluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:sd-wan_wanop:-:*:*:*:*:*:*:*", matchCriteriaId: "10F0ACFD-9D48-43F6-A45C-D5F0313BB952", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.", }, { lang: "es", value: "Citrix ADC y Citrix Gateway versiones 13.0 anteriores a 13.0-64.35, Citrix ADC y NetScaler Gateway versiones 12.1 anteriores a 12.1-58.15, Citrix ADC versiones 12.1-FIPS anteriores a 12.1-55.187, Citrix ADC y NetScaler Gateway versión 12.0, Citrix ADC y NetScaler Gateway versiones 11.1 anteriores a 11.1-65.12, Citrix SD-WAN WANOP versiones 11.2 anteriores a 11.2.1a, Citrix SD-WAN WANOP versiones 11.1 anteriores a 11.1.2a, Citrix SD-WAN WANOP versiones 11.0 anteriores a 11.0.3f, Citrix SD-WAN WANOP versiones 10.2 anteriores a 10.2.7b, son vulnerables a una escalada de privilegios en la interfaz de administración", }, ], id: "CVE-2020-8247", 
lastModified: "2024-11-21T05:38:35.100", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-18T21:15:13.327", references: [ { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX281474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX281474", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-05 21:15
Modified
2024-11-21 05:50
Severity ?
Summary
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. This vulnerability, if exploited, could lead to the limited available disk space on the appliances being fully consumed.
References
▼ | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://support.citrix.com/article/CTX319135 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX319135 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "92AEAC43-113D-456B-89C0-1872A67224AC", versionEndExcluding: "11.1-65.22", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "40FC22F7-EA37-48D7-822D-B66EE2B25FE2", versionEndExcluding: "12.1-62.27", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A1035921-397B-4E88-AF1A-DF581B75B4B2", versionEndExcluding: "13.0-82.45", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8BEBCAD2-581F-4217-8425-46C03584E673", versionEndExcluding: "12.1-55.238", versionStartIncluding: "12.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14030_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "BCB11BC1-0702-436F-BFE2-14B38B118D99", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14060_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "8569B182-D0A7-414B-B0A3-4DD2FAB44F69", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14080_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "ABB9B3E9-EED4-4D74-BE4C-DFAFAB1F0994", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15030-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "F60729DF-EDC8-4462-ABD2-6E4199F22701", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15040-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: 
"B789F02A-56CB-4871-9D9D-FAB0F31A72A1", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15060-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "06699186-E7E4-463C-8844-77B2A750B985", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15080-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "F00DBEBF-29BE-4D6A-BF79-19208AAB0D7F", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15100-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "848169A6-CAD7-4E14-BC5D-B2E94DC93CCB", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15120-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "3C69709C-885A-4F19-899D-A7B5CE7066EF", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_8905_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "6B2136C1-8AB6-4C70-87F4-1F8A93A876C9", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_8910_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "492323D2-339D-404C-BB9B-E09ABB87FA2B", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_8920_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "AB83185D-DD6F-47CD-B500-499F9EF65093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "4564E909-7F8E-40DF-B941-FFACC03B97B7", versionEndExcluding: "12.1-62.27", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "FB5357D6-4995-4966-8B63-11E636AD58BC", versionEndExcluding: "13.0-82.45", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "CE3B890B-5A0E-4B5A-A9E1-0C6DDF9524E6", versionEndExcluding: "11.1-65.22", versionStartIncluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "A9B222CD-3235-4153-97B0-D8F6FF1FB7BE", versionEndExcluding: "10.2.9.b", 
versionStartIncluding: "10.2", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "22226FCE-A3D3-4FAB-909A-7922AAC3035A", versionEndExcluding: "11.2.3.b", versionStartIncluding: "11.2", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "C0A54438-E0DA-4134-87FE-D7BFE30A3BAA", versionEndExcluding: "11.3.2.a", versionStartIncluding: "11.3", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "DB0A1FE7-9F5D-476E-A3E0-2B6260DE0366", versionEndExcluding: "11.4.0.a", versionStartIncluding: "11.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "25C848BC-98F7-41D4-A262-8B7EB304F4C1", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "F3979EFF-AE6E-4274-97E2-58C7E01C920E", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "C87AF39E-6BCF-4188-BAB1-A5CBDEBF662E", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "38514675-1C15-460C-B34C-2633A8A36A78", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.", }, { lang: "es", value: "Se ha detectado una vulnerabilidad en Citrix ADC (conocido anteriormente como NetScaler ADC) y Citrix Gateway (conocido anteriormente como NetScaler Gateway), y en los modelos 4000-WO, 4100-WO, 5000-WO y 5100-WO de Citrix SD-WAN WANOP Edition. 
Estas vulnerabilidades, si son explotadas, podrían conllevar a el consumo total del limitado espacio de disco disponible en los dispositivos", }, ], id: "CVE-2021-22919", lastModified: "2024-11-21T05:50:54.897", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-05T21:15:10.997", references: [ { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX319135", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX319135", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-21 18:15
Modified
2024-11-21 04:32
Severity ?
Summary
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://support.citrix.com/article/CTX261055 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX261055 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*", matchCriteriaId: "D56F2AAF-4658-484C-9A3A-D8A52BA5B10C", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*", matchCriteriaId: "8CE9E655-0D97-4DCF-AC2F-79DCD12770E5", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*", matchCriteriaId: "49454F7D-77B5-46DF-B95C-312AF2E68EAD", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1:*:*:*:*:*:*:*", matchCriteriaId: "201246D4-1E22-4F28-9683-D6A9FD0F7A6B", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:13.0:*:*:*:*:*:*:*", matchCriteriaId: "A3A50966-5554-4919-B6CE-BD8F6FF991D8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*", matchCriteriaId: "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*", matchCriteriaId: "A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*", matchCriteriaId: "B9F3ED0E-7F3D-477B-B645-77DA5FC7F502", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1:*:*:*:*:*:*:*", matchCriteriaId: "58349F8E-3177-413A-9CBE-BB454DCD31E4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: 
false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:gateway_firmware:13.0:*:*:*:*:*:*:*", matchCriteriaId: "A80EAFB1-82DA-49BE-815D-D248624B442C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.", }, { lang: "es", value: "Se detectó un problema en Citrix Application Delivery Controller (ADC) y Gateway versiones anteriores a 10.5 build 70.8, versiones 11.x anteriores a 11.1 build 63.9, versión 12.0 anterior a build 62.10, versión 12.1 anterior a build 54.16 y versión 13.0 anterior a build 41.28. Un atacante con acceso a la interfaz de administración puede omitir la autenticación para obtener acceso administrativo del dispositivo. 
Estos productos anteriormente usaron la marca NetScaler.", }, ], id: "CVE-2019-18225", lastModified: "2024-11-21T04:32:52.460", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-21T18:15:10.680", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX261055", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX261055", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-01 17:29
Modified
2024-11-21 04:08
Severity ?
Summary
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/103186 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1040439 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://support.citrix.com/article/CTX232199 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103186 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040439 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX232199 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
citrix | netscaler_application_delivery_controller | 11.0 | |
citrix | netscaler_application_delivery_controller | 11.1 | |
citrix | netscaler_application_delivery_controller | 12.0 | |
citrix | netscaler_gateway | 11.0 | |
citrix | netscaler_gateway | 11.1 | |
citrix | netscaler_gateway | 12.0 | |
citrix | netscaler_sd-wan | 9.3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.0:*:*:*:*:*:*:*", matchCriteriaId: "3F5E9373-2929-445C-9111-763997337B8F", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1:*:*:*:*:*:*:*", matchCriteriaId: "B4BF6327-71CB-4536-9C75-0A4FBDA0CE6F", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F80C2375-6C9C-4EAE-BA20-A09D9DC85CFE", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:11.0:*:*:*:*:*:*:*", matchCriteriaId: "AD9ED928-BD5A-466D-A7F0-531E2DC1ED11", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:11.1:*:*:*:*:*:*:*", matchCriteriaId: "7C28575C-9D3E-4818-9CE8-97EBC993E4E2", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:12.0:*:*:*:*:*:*:*", matchCriteriaId: "9C4E17DA-D4EA-49A9-9AB1-FDCA5A830B59", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_sd-wan:9.3.0:*:*:*:wan_optimization:*:*:*", matchCriteriaId: "2C3A8744-6053-4678-B132-2BD6B0178C7F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.", }, { lang: "es", value: "Vulnerabilidad de inyección de comandos en Citrix NetScaler ADC y NetScaler Gateway en versiones 11.0 anteriores a la build 70.16, versiones 11.1 anteriores a la build 55.13 y las versiones 12.0 anteriores a la build 53.13; y la instancia NetScaler Load Balancing distribuida en NetScaler SD-WAN/CloudBridge 
4000, 4100, 5000 y 5100 WAN Optimization Edition 9.3.0 permite que atacantes remotos ejecuten un comando del sistema o lean archivos arbitrarios mediante un mensaje de inicio de sesión SSH.", }, ], id: "CVE-2018-5314", lastModified: "2024-11-21T04:08:34.450", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-01T17:29:00.477", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103186", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040439", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX232199", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103186", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040439", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX232199", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Severity ?
Summary
A privilege escalation vulnerability in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low-privileged user with management access to execute arbitrary commands.
References
▼ | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://support.citrix.com/article/CTX276688 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX276688 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC8327D0-8B64-44AF-A230-AAE32F3526CF", versionEndExcluding: "10.5-70.18", versionStartIncluding: "10.5", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D4807513-1157-4CE3-8998-9C5EB9BBDA3E", versionEndExcluding: "11.1-64.14", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "165076F2-014F-46F9-A1AB-2256D935A21B", versionEndExcluding: "12.0-63.21", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D6AE49E6-A6B9-4E2B-9AFB-7F1808D052F6", versionEndExcluding: "12.1-57.18", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03868D24-B1C0-4245-AE28-0960CF2816C1", versionEndExcluding: "13.0-58.30", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA7AAC01-A7CB-48F4-A25D-4A29479CD0DA", versionEndExcluding: "10.5-70.18", versionStartIncluding: "10.5", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "61C33096-91FD-4387-8B90-C8981DB7F926", versionEndExcluding: "11.1-64.14", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: 
"cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7605821F-21B0-4F9D-AAD1-F901CED00585", versionEndExcluding: "12.0-63.21", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6FA8946F-75C2-4515-9EBE-E1884B35ECF1", versionEndExcluding: "12.1-57.18", versionStartIncluding: "12.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E6D0CC10-FE91-40E4-BFFD-11BE41DD4269", versionEndExcluding: "13.0-58.30", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.", }, { lang: "es", value: "Una vulnerabilidad de escalada de privilegios en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18, permite a un usuario poco privilegiado con acceso de administración ejecutar comandos arbitrarios", }, ], id: "CVE-2020-8197", lastModified: "2024-11-21T05:38:29.000", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", 
baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-10T16:15:12.483", references: [ { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-05 21:15
Modified
2024-11-21 05:50
Severity ?
Summary
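A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured as a SAML service provider, which could allow an attacker to hijack a session. Note that the CPE match data in this record marks builds before 13.0-82.45, before 12.1-62.27 and before 11.1-65.22 as vulnerable (plus 12.1 builds before 12.1-55.238 on the listed FIPS hardware), so check deployed builds against those ranges rather than against the single build named in this summary.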
References
▼ | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://support.citrix.com/article/CTX319135 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX319135 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "92AEAC43-113D-456B-89C0-1872A67224AC", versionEndExcluding: "11.1-65.22", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "40FC22F7-EA37-48D7-822D-B66EE2B25FE2", versionEndExcluding: "12.1-62.27", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A1035921-397B-4E88-AF1A-DF581B75B4B2", versionEndExcluding: "13.0-82.45", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8BEBCAD2-581F-4217-8425-46C03584E673", versionEndExcluding: "12.1-55.238", versionStartIncluding: "12.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14030_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "BCB11BC1-0702-436F-BFE2-14B38B118D99", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14060_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "8569B182-D0A7-414B-B0A3-4DD2FAB44F69", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14080_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "ABB9B3E9-EED4-4D74-BE4C-DFAFAB1F0994", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15030-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "F60729DF-EDC8-4462-ABD2-6E4199F22701", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15040-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: 
"B789F02A-56CB-4871-9D9D-FAB0F31A72A1", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15060-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "06699186-E7E4-463C-8844-77B2A750B985", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15080-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "F00DBEBF-29BE-4D6A-BF79-19208AAB0D7F", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15100-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "848169A6-CAD7-4E14-BC5D-B2E94DC93CCB", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15120-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "3C69709C-885A-4F19-899D-A7B5CE7066EF", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_8905_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "6B2136C1-8AB6-4C70-87F4-1F8A93A876C9", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_8910_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "492323D2-339D-404C-BB9B-E09ABB87FA2B", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_8920_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "AB83185D-DD6F-47CD-B500-499F9EF65093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "4564E909-7F8E-40DF-B941-FFACC03B97B7", versionEndExcluding: "12.1-62.27", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "FB5357D6-4995-4966-8B63-11E636AD58BC", versionEndExcluding: "13.0-82.45", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "CE3B890B-5A0E-4B5A-A9E1-0C6DDF9524E6", versionEndExcluding: "11.1-65.22", versionStartIncluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow 
an attacker to hijack a session.", }, { lang: "es", value: "Se presenta una vulnerabilidad de fijación de sesión en Citrix ADC y Citrix Gateway versión 13.0-82.45, cuando es configurado el proveedor de servicios SAML que podría permitir a un atacante secuestrar una sesión", }, ], id: "CVE-2021-22927", lastModified: "2024-11-21T05:50:56.220", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-05T21:15:11.643", references: [ { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX319135", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX319135", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-384", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-384", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-16 14:15
Modified
2024-11-21 05:38
Severity ?
Summary
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
References
Source | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://support.citrix.com/article/CTX297155 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX297155 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "003574BC-2C37-44D6-9F5E-E931F5ECE169", versionEndExcluding: "12.1-62.23", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "FAE6C6C5-2C85-484E-A61A-C17096C4D9F7", versionEndExcluding: "13.0-82.41", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "D77B2AD2-BAF1-4FD3-B7C5-88AC1B130971", versionEndExcluding: "11.1-65.20", versionStartIncluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E178AA28-B24F-4565-A314-1E58AAC54648", versionEndExcluding: "11.1-65.20", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "024F407E-F369-4B9C-BC3C-5CB0FF613526", versionEndExcluding: "12.1-62.23", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5675439-B8C6-4ABD-8D53-F2D9BB49F33D", versionEndExcluding: "13.0-82.41", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8BEBCAD2-581F-4217-8425-46C03584E673", versionEndExcluding: "12.1-55.238", versionStartIncluding: "12.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: 
[ { criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14030_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "BCB11BC1-0702-436F-BFE2-14B38B118D99", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14060_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "8569B182-D0A7-414B-B0A3-4DD2FAB44F69", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14080_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "ABB9B3E9-EED4-4D74-BE4C-DFAFAB1F0994", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15030-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "F60729DF-EDC8-4462-ABD2-6E4199F22701", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15040-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "B789F02A-56CB-4871-9D9D-FAB0F31A72A1", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15060-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "06699186-E7E4-463C-8844-77B2A750B985", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15080-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "F00DBEBF-29BE-4D6A-BF79-19208AAB0D7F", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15100-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "848169A6-CAD7-4E14-BC5D-B2E94DC93CCB", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15120-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "3C69709C-885A-4F19-899D-A7B5CE7066EF", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_8905_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "6B2136C1-8AB6-4C70-87F4-1F8A93A876C9", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_8910_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "492323D2-339D-404C-BB9B-E09ABB87FA2B", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_8920_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "AB83185D-DD6F-47CD-B500-499F9EF65093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from 
improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.", }, { lang: "es", value: "Citrix ADC y Citrix/NetScaler Gateway versiones anteriores a 13.0-82.41, 12.1-62.23, 11.1-65.20 y Citrix ADC 12.1-FIPS versiones anteriores a 12.1-55.238, sufren de un control de acceso inapropiado que permite el secuestro de la autenticación SAML mediante un ataque de phishing para robar una sesión de usuario válida. Tome en cuenta que Citrix ADC o Citrix Gateway deben estar configurados como un SP SAML o un IdP SAML para que esto sea posible", }, ], id: "CVE-2020-8300", lastModified: "2024-11-21T05:38:41.320", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-16T14:15:08.440", references: [ { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX297155", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Vendor Advisory", ], url: "https://support.citrix.com/article/CTX297155", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-19 19:15
Modified
2024-11-21 08:17
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Privilege Escalation to root administrator (nsroot)
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", matchCriteriaId: "8927B2FA-F87E-4D81-AC29-9032184ECB7E", versionEndExcluding: "12.1-55.297", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", matchCriteriaId: "9845E7B1-5604-497D-8241-048E91987C13", versionEndExcluding: "12.1-55.297", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", matchCriteriaId: "AD949674-8DC1-4B0D-8C0C-F593539E12F1", versionEndExcluding: "13.0-91.13", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", matchCriteriaId: "BD0739E3-F7A4-463C-96B0-9D7BDBF218C4", versionEndExcluding: "13.1-37.159", versionStartIncluding: "13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", matchCriteriaId: "FCEED8AC-F9A9-4F75-BB32-F53967A8E9A0", versionEndExcluding: "13.1-49.13", versionStartIncluding: "13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1-65.22:*:*:*:fips:*:*:*", matchCriteriaId: "102C0D0F-AC37-43B0-8B9A-103B37436130", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "BC825A83-8D84-42C7-868F-0470FF79D497", versionEndExcluding: "13.0-91.13", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "442F6925-199D-4E5B-84C1-05C4D8108B62", versionEndExcluding: "13.1-49.13", versionStartIncluding: "13.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Privilege Escalation to root administrator (nsroot)\n", }, ], id: 
"CVE-2023-3467", lastModified: "2024-11-21T08:17:19.920", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "secure@citrix.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-19T19:15:12.110", references: [ { source: "secure@citrix.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467", }, ], sourceIdentifier: "secure@citrix.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "secure@citrix.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-18 21:15
Modified
2024-11-21 05:38
Severity ?
Summary
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.
References
Source | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://support.citrix.com/article/CTX281474 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX281474 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AD2A238E-72C4-4D74-B902-2EE8E602AAC1", versionEndExcluding: "11.1-65.12", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1C991579-B6B8-4F07-9AF9-739452F1F5AA", versionEndExcluding: "12.1-58.15", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ED09F4AE-DCC6-4C7D-BFA1-D22E16893C97", versionEndExcluding: "13.0-64.35", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "2F98105E-37A4-46F4-BA82-A8E95372A370", versionEndExcluding: "11.1-65.12", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "178C6CA9-0068-4225-A209-E13A880ED188", versionEndExcluding: "13.0-64.35", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "CFAC08D1-1FE8-4910-9D50-F167537C7C91", versionEndExcluding: "12.1-58.15", versionStartIncluding: "12.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "D76AEFBD-225E-45D3-B604-CAF0032BA861", versionEndExcluding: "10.2.7b", versionStartIncluding: "10.2", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: 
"7296BF8E-186C-4279-AF08-C3D1282322F0", versionEndExcluding: "11.0.3f", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "92806100-D243-43CC-ACA7-DF9E95E2740D", versionEndExcluding: "11.1.2a", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "4FB67ED6-6586-4280-A521-E1EDA81C68BE", versionEndExcluding: "11.2.1a", versionStartIncluding: "11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:sd-wan_wanop:-:*:*:*:*:*:*:*", matchCriteriaId: "10F0ACFD-9D48-43F6-A45C-D5F0313BB952", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.", }, { lang: "es", value: "Citrix ADC y Citrix Gateway versiones 13.0 anteriores a 13.0-64.35, Citrix ADC y NetScaler Gateway versiones 12.1 anteriores a 12.1-58.15, Citrix ADC versiones 12.1-FIPS anteriores a 12.1-55.187, Citrix ADC y NetScaler Gateway versión 12.0, Citrix ADC y NetScaler Gateway versiones 11.1 anteriores a 11.1-65.12, Citrix SD-WAN WANOP versiones 11.2 anteriores a 11.2.1a, Citrix SD-WAN WANOP versiones 11.1 anteriores a 11.1.2a, Citrix SD-WAN WANOP versiones 11.0 anteriores a 11.0.3f, Citrix SD-WAN WANOP versiones 10.2 anteriores a 10.2.7b, son vulnerables a un ataque de denegación de servicio que se origina en la red de administración", }, 
], id: "CVE-2020-8246", lastModified: "2024-11-21T05:38:34.983", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-18T21:15:13.263", references: [ { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX281474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX281474", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-22 16:29
Modified
2024-11-21 04:22
Severity ?
Summary
A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BF749290-81B6-4772-A61A-699B6181791D", versionEndExcluding: "10.5.70", versionStartIncluding: "10.5.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0B4EE820-252E-4137-8B35-842DAB2994F7", versionEndExcluding: "11.1.59.10", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2BDB18E6-DBF6-42E7-A37A-70A96CB24CF8", versionEndExcluding: "12.0.59.8", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "05C7D109-77A2-47A6-845D-6BCF946999ED", versionEndExcluding: "12.1.49.23", versionStartIncluding: "12.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BF7D848E-A8E5-465F-9F23-A1B6F80D00D5", versionEndExcluding: "10.5.70", versionStartIncluding: "10.5.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F5AF866E-4D80-40DE-9166-D1D8799D8754", versionEndExcluding: "11.1.59.10", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "70220C9E-7F3B-40CE-A8C5-D230803BFC02", versionEndExcluding: "12.0.59.8", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: 
"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "89196BF4-8CF9-4559-8CC4-9008D64C1C6F", versionEndExcluding: "12.1.49.23", versionStartIncluding: "12.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.", }, { lang: "es", value: "Existe un desbordamiento de búfer en Citrix NetScaler Gateway versiones 10.5.x, anteriores 10.5.70.x, versiones 11.1.x, anteriores 11.1.59.10, versiones 12.0.x ,anteriores 12.0.59.8, y versiones 12.1.x anterior 12.1.49.23 y Citrix Application Delivery Controller versiones 10.5.x, anterior 10.5.70.x, versión 11.1.x anterior 11.1.59.10, versión 12.0.x anterior 12.0.59.8,y versión 12.1.x anterior 12.1.49.23.", }, ], id: "CVE-2019-12044", lastModified: "2024-11-21T04:22:09.690", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", 
availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-22T16:29:01.243", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX249976", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX249976", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-22 23:29
Modified
2024-11-21 04:46
Severity ?
Summary
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/106783 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/RUB-NDS/TLS-Padding-Oracles | Product, Third Party Advisory | |
cve@mitre.org | https://support.citrix.com/article/CTX240139 | Mitigation, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106783 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/RUB-NDS/TLS-Padding-Oracles | Product, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX240139 | Mitigation, Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*", matchCriteriaId: "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*", matchCriteriaId: "D2C6F82C-9969-4A6E-88C8-AB8BB0AAD3C7", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*", matchCriteriaId: "A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*", matchCriteriaId: "B9F3ED0E-7F3D-477B-B645-77DA5FC7F502", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1:*:*:*:*:*:*:*", matchCriteriaId: "58349F8E-3177-413A-9CBE-BB454DCD31E4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*", matchCriteriaId: "D8C7525B-2A2D-43AF-8DA0-11FF28322337", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*", matchCriteriaId: "CB678AF5-12B4-41D0-A381-46EE277313B7", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*", matchCriteriaId: "123D42E1-3CDD-4D46-82F6-8982DE716F7E", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*", matchCriteriaId: "FFCE3458-6750-4773-BA18-CAA67A6093D4", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:12.1:*:*:*:*:*:*:*", matchCriteriaId: "28A1E3C0-5A62-4EAC-941C-DFAF0F277E5B", vulnerable: 
true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.", }, { lang: "es", value: "Citrix NetScaler Gateway, en versiones 12.1 anteriores a la build 50.31, versiones 12.0 anteriores a la build 60.9, versiones 11.1 anteriores a la build 60.14, versiones 11.0 anteriores a la build 72.17 y en versiones 10.5 anteriores a la build 69.5, así como Application Delivery Controller (ADC), en versiones 12.1 anteriores a la build 50.31, versiones 12.0 anteriores a la build 60.9, versiones 11.1 anteriores a la build 60.14, versiones 11.0 anteriores a la build 72.17 y versiones 10.5 anteriores a la build 69.5 permiten que los atacantes remotos obtengan información sensible en texto plano debido a una vulnerabilidad \"TLS Padding Oracle\" cuando los conjuntos de cifrado basados en CBC están habilitados.", }, ], id: "CVE-2019-6485", lastModified: "2024-11-21T04:46:31.910", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 
2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-22T23:29:00.283", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106783", }, { source: "cve@mitre.org", tags: [ "Product", "Third Party Advisory", ], url: "https://github.com/RUB-NDS/TLS-Padding-Oracles", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX240139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106783", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Third Party Advisory", ], url: "https://github.com/RUB-NDS/TLS-Padding-Oracles", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX240139", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
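Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. Note that the NVD record below classifies the primary weakness as CWE-22 and carries CISA Known Exploited Vulnerabilities fields (added 2021-11-03, required action due 2022-05-03), so patch priority should follow the exploitation status rather than the "limited" wording.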
References
▼ | URL | Tags | |
---|---|---|---|
support@hackerone.com | http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html | Exploit, Third Party Advisory, VDB Entry | |
support@hackerone.com | https://support.citrix.com/article/CTX276688 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX276688 | Vendor Advisory |
Impacted products
{ cisaActionDue: "2022-05-03", cisaExploitAdd: "2021-11-03", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC8327D0-8B64-44AF-A230-AAE32F3526CF", versionEndExcluding: "10.5-70.18", versionStartIncluding: "10.5", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D4807513-1157-4CE3-8998-9C5EB9BBDA3E", versionEndExcluding: "11.1-64.14", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "165076F2-014F-46F9-A1AB-2256D935A21B", versionEndExcluding: "12.0-63.21", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D6AE49E6-A6B9-4E2B-9AFB-7F1808D052F6", versionEndExcluding: "12.1-57.18", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03868D24-B1C0-4245-AE28-0960CF2816C1", versionEndExcluding: "13.0-58.30", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA7AAC01-A7CB-48F4-A25D-4A29479CD0DA", versionEndExcluding: "10.5-70.18", versionStartIncluding: "10.5", vulnerable: true, }, { criteria: 
"cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "61C33096-91FD-4387-8B90-C8981DB7F926", versionEndExcluding: "11.1-64.14", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7605821F-21B0-4F9D-AAD1-F901CED00585", versionEndExcluding: "12.0-63.21", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6FA8946F-75C2-4515-9EBE-E1884B35ECF1", versionEndExcluding: "12.1-57.18", versionStartIncluding: "12.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E6D0CC10-FE91-40E4-BFFD-11BE41DD4269", versionEndExcluding: "13.0-58.30", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "B7DF63BB-CCE6-4405-8E6D-6DF1BC975D3D", versionEndExcluding: "10.2.7", versionStartIncluding: "10.2", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "1D1A5E7D-C3A7-48B8-BD6D-5973F8361DEC", versionEndExcluding: "11.0.3d", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "0471F1F0-F804-47BA-98A1-7080E1C740E7", versionEndExcluding: "11.1.1a", versionStartIncluding: "11.1", 
vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "25C848BC-98F7-41D4-A262-8B7EB304F4C1", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "F3979EFF-AE6E-4274-97E2-58C7E01C920E", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "C87AF39E-6BCF-4188-BAB1-A5CBDEBF662E", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*", matchCriteriaId: "38514675-1C15-460C-B34C-2633A8A36A78", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:gateway_plug-in_for_linux:*:*:*:*:*:*:*:*", matchCriteriaId: "25969217-EB50-466A-9F0F-5DEB1805B27D", versionEndExcluding: "1.0.0.137", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.", }, { lang: "es", value: "Una comprobación de entrada inapropiada en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, resulta en una divulgación de información limitada para usuarios poco privilegiados", }, ], id: "CVE-2020-8195", lastModified: "2024-11-21T05:38:28.767", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, 
exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-10T16:15:12.327", references: [ { source: "support@hackerone.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", }, { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-27 19:15
Modified
2024-11-21 08:36
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server
References
▼ | URL | Tags | |
---|---|---|---|
secure@citrix.com | https://support.citrix.com/article/CTX579459/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX579459/ | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "2409DF4E-68CB-4B8D-BA47-D68A3ABCBBF5", versionEndExcluding: "13.0-92.19", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "3343FD78-6DC8-40CC-A349-FB98654EEE97", versionEndExcluding: "13.1-49.15", versionStartIncluding: "13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "46848B81-A561-47FC-A0C9-7C4A9E896F7E", versionEndExcluding: "14.1-8.50", versionStartIncluding: "14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "5FB1412D-F8D8-4592-A8A9-C1B841B93D5E", versionEndExcluding: "13.0-92.19", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "28A08B32-D145-499F-866E-BEEEDEBB2901", versionEndExcluding: "13.1-49.15", versionStartIncluding: "13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "4F1610E6-FE48-4339-8E74-765E0517E33D", versionEndExcluding: "14.1-8.50", versionStartIncluding: "14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", matchCriteriaId: "ACB785DB-4EDF-4A7D-A6CE-B473E2598C15", versionEndIncluding: "12.1-55.300", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", matchCriteriaId: "A2265F5D-6B66-4597-984E-1E479384A2CA", versionEndIncluding: "12.1-55.300", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: 
"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", matchCriteriaId: "29C01D44-FAA8-48DF-8877-FA7F56FFE0A3", versionEndIncluding: "13.1-37.164", versionStartIncluding: "13.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server", }, { lang: "es", value: "Denegación de Servicio (DoS) en NetScaler ADC y NetScaler Gateway cuando se configura como Gateway (servidor virtual VPN, proxy ICA, CVPN, proxy RDP) o Servidor Virtual AAA", }, ], id: "CVE-2023-4967", lastModified: "2024-11-21T08:36:21.797", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.2, source: "secure@citrix.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-27T19:15:41.620", references: [ { source: "secure@citrix.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX579459/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX579459/", }, ], sourceIdentifier: "secure@citrix.com", 
vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "secure@citrix.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 15:59
Modified
2024-11-21 02:47
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:netscaler:10.1:*:*:*:*:*:*:*", matchCriteriaId: "ADF49FFA-B7D2-4BA0-A633-5CD58083F351", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler:10.5:*:*:*:*:*:*:*", matchCriteriaId: "375EE327-CD32-4735-B896-08A50C1931D2", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler:10.5e:*:*:*:*:*:*:*", matchCriteriaId: "93F54B1F-BD90-4152-94AA-C3EBC013F30C", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler:11.0:*:*:*:*:*:*:*", matchCriteriaId: "005FE189-80FF-406C-88E5-B9D9B0723779", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:netscaler:10.1:*:*:*:*:*:*:*", matchCriteriaId: "ADF49FFA-B7D2-4BA0-A633-5CD58083F351", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler:10.5:*:*:*:*:*:*:*", matchCriteriaId: "375EE327-CD32-4735-B896-08A50C1931D2", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler:10.5e:*:*:*:*:*:*:*", matchCriteriaId: "93F54B1F-BD90-4152-94AA-C3EBC013F30C", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler:11.0:*:*:*:*:*:*:*", matchCriteriaId: "005FE189-80FF-406C-88E5-B9D9B0723779", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows 
remote attackers to conduct clickjacking attacks via unspecified vectors.", }, { lang: "es", value: "La Administrative Web Interface en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 11.x en versiones anteriores a 11.0 Build 64.34, 10.5 en versiones anteriores a 10.5 Build 59.13, 10.5.e en versiones anteriores a Build 59.1305.e y 10.1 permite a atacantes remotos llevar a cabo ataques de secuestro de clic a través de vectores no especificados.", }, ], id: "CVE-2016-2072", lastModified: "2024-11-21T02:47:45.027", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T15:59:05.750", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.citrix.com/article/CTX206001", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1035098", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.citrix.com/article/CTX206001", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.securitytracker.com/id/1035098", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-254", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-13 14:59
Modified
2024-11-21 03:31
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/97626 | Third Party Advisory, Vendor Advisory | |
cve@mitre.org | http://www.securitytracker.com/id/1038283 | ||
cve@mitre.org | https://support.citrix.com/article/CTX222657 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97626 | Third Party Advisory, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038283 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX222657 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
citrix | netscaler_gateway_firmware | 10.1 | |
citrix | netscaler_gateway_firmware | 10.5 | |
citrix | netscaler_gateway_firmware | 11.0 | |
citrix | netscaler_gateway_firmware | 11.1 | |
citrix | netscaler_gateway | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1:*:*:*:*:*:*:*", matchCriteriaId: "A254925E-AD47-4722-AAB2-43A6FEA900AC", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*", matchCriteriaId: "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*", matchCriteriaId: "D2C6F82C-9969-4A6E-88C8-AB8BB0AAD3C7", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*", matchCriteriaId: "A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.", }, { lang: "es", value: "Una vulnerabilidad de desbordamiento de montón en las versiones Citrix NetScaler Gateway 10.1 en versiones anteriores a 135.8/135.12, 10.5 en versiones anteriores a 65.11, 11.0 en versiones anteriores a 70.12 y 11.1 en versiones anteriores a 52.13 permite a un atacante remoto autenticado ejecutar comandos arbitrarios a través de vectores no especificados.", }, ], id: "CVE-2017-7219", lastModified: "2024-11-21T03:31:23.933", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: 
"2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-13T14:59:01.900", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/97626", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1038283", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX222657", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/97626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1038283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX222657", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-17 15:59
Modified
2024-11-21 02:47
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:netscaler:10.5:*:*:*:*:*:*:*", matchCriteriaId: "375EE327-CD32-4735-B896-08A50C1931D2", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler:10.5e:*:*:*:*:*:*:*", matchCriteriaId: "93F54B1F-BD90-4152-94AA-C3EBC013F30C", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler:11.0:*:*:*:*:*:*:*", matchCriteriaId: "005FE189-80FF-406C-88E5-B9D9B0723779", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:netscaler:10.5:*:*:*:*:*:*:*", matchCriteriaId: "375EE327-CD32-4735-B896-08A50C1931D2", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler:10.5e:*:*:*:*:*:*:*", matchCriteriaId: "93F54B1F-BD90-4152-94AA-C3EBC013F30C", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler:11.0:*:*:*:*:*:*:*", matchCriteriaId: "005FE189-80FF-406C-88E5-B9D9B0723779", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.", }, { lang: "es", value: "Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 11.x en versiones anteriores a 11.0 Build 64.34, 10.5 en versiones anteriores a 10.5 Build 59.13 y 10.5.e en versiones anteriores a Build 59.1305.e 
permite a atacantes remotos obtener privilegios a través de comandos NS Web GUI no especificados.", }, ], id: "CVE-2016-2071", lastModified: "2024-11-21T02:47:44.883", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-17T15:59:04.767", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.citrix.com/article/CTX206001", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1035098", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.citrix.com/article/CTX206001", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035098", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-18 21:15
Modified
2024-11-21 05:38
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.
References
▼ | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://support.citrix.com/article/CTX281474 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX281474 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AD2A238E-72C4-4D74-B902-2EE8E602AAC1", versionEndExcluding: "11.1-65.12", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1C991579-B6B8-4F07-9AF9-739452F1F5AA", versionEndExcluding: "12.1-58.15", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ED09F4AE-DCC6-4C7D-BFA1-D22E16893C97", versionEndExcluding: "13.0-64.35", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "2F98105E-37A4-46F4-BA82-A8E95372A370", versionEndExcluding: "11.1-65.12", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "178C6CA9-0068-4225-A209-E13A880ED188", versionEndExcluding: "13.0-64.35", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "CFAC08D1-1FE8-4910-9D50-F167537C7C91", versionEndExcluding: "12.1-58.15", versionStartIncluding: "12.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 
11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.", }, { lang: "es", value: "Una Comprobación de Entrada inapropiada en Citrix ADC y Citrix Gateway versiones 13.0 anteriores a 13.0-64.35, Citrix ADC y NetScaler Gateway versiones 12.1 anteriores a 12.1-58.15, Citrix ADC versiones 12.1-FIPS anteriores a 12.1-55.187, Citrix ADC y NetScaler Gateway versión 12.0, Citrix ADC y NetScaler Gateway 11.1 antes 11.1-65.12, Citrix SD-WAN WANOP versiones 11.2 anteriores a 11.2.1a, Citrix SD-WAN WANOP versiones 11.1 anteriores a 11.1.2a, Citrix SD-WAN WANOP versiones 11.0 anteriores a 11.0.3f, Citrix SD-WAN WANOP versiones 10.2 anteriores a 10.2.7b, conlleva a un ataque de Inyección HTML contra el portal web SSL VPN", }, ], id: "CVE-2020-8245", lastModified: "2024-11-21T05:38:34.877", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: 
"2020-09-18T21:15:13.170", references: [ { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX281474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX281474", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-19 19:15
Modified
2024-11-21 08:17
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Reflected Cross-Site Scripting (XSS) in Citrix NetScaler ADC and NetScaler Gateway (CVE-2023-3466).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", matchCriteriaId: "8927B2FA-F87E-4D81-AC29-9032184ECB7E", versionEndExcluding: "12.1-55.297", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*", matchCriteriaId: "9845E7B1-5604-497D-8241-048E91987C13", versionEndExcluding: "12.1-55.297", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", matchCriteriaId: "AD949674-8DC1-4B0D-8C0C-F593539E12F1", versionEndExcluding: "13.0-91.13", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*", matchCriteriaId: "BD0739E3-F7A4-463C-96B0-9D7BDBF218C4", versionEndExcluding: "13.1-37.159", versionStartIncluding: "13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*", matchCriteriaId: "FCEED8AC-F9A9-4F75-BB32-F53967A8E9A0", versionEndExcluding: "13.1-49.13", versionStartIncluding: "13.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1-65.22:*:*:*:fips:*:*:*", matchCriteriaId: "102C0D0F-AC37-43B0-8B9A-103B37436130", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "BC825A83-8D84-42C7-868F-0470FF79D497", versionEndExcluding: "13.0-91.13", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "442F6925-199D-4E5B-84C1-05C4D8108B62", versionEndExcluding: "13.1-49.13", versionStartIncluding: "13.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Reflected Cross-Site Scripting (XSS)\n", }, ], id: "CVE-2023-3466", 
lastModified: "2024-11-21T08:17:19.750", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 6, source: "secure@citrix.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-19T19:15:12.017", references: [ { source: "secure@citrix.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467", }, ], sourceIdentifier: "secure@citrix.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "secure@citrix.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-08-02 19:29
Modified
2024-11-21 02:29
Severity ?
Summary
The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://support.citrix.com/article/CTX200378 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://support.citrix.com/article/CTX200378 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
citrix | netscaler_firmware | 9.0 | |
citrix | netscaler_firmware | 9.1 | |
citrix | netscaler_firmware | 9.2 | |
citrix | netscaler_firmware | 10.0 | |
citrix | netscaler_firmware | 10.1 | |
citrix | netscaler_firmware | 10.1e | |
citrix | netscaler_firmware | 10.5 | |
citrix | netscaler_firmware | 10.5e | |
citrix | netscaler_application_delivery_controller | - | |
citrix | netscaler_firmware | 9.0 | |
citrix | netscaler_firmware | 9.1 | |
citrix | netscaler_firmware | 9.2 | |
citrix | netscaler_firmware | 10.0 | |
citrix | netscaler_firmware | 10.1 | |
citrix | netscaler_firmware | 10.1e | |
citrix | netscaler_firmware | 10.5 | |
citrix | netscaler_firmware | 10.5e | |
citrix | netscaler_gateway | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_firmware:9.0:*:*:*:*:*:*:*", matchCriteriaId: "77E759CD-4DF3-4B30-ADFD-9E63F753DFC1", vulnerable: false, }, { criteria: "cpe:2.3:o:citrix:netscaler_firmware:9.1:*:*:*:*:*:*:*", matchCriteriaId: "9CC7D1B6-5C2D-4407-A55C-78FE6B899B46", vulnerable: false, }, { criteria: "cpe:2.3:o:citrix:netscaler_firmware:9.2:*:*:*:*:*:*:*", matchCriteriaId: "2391E6E2-5E57-4E35-8F2C-89813F999F1F", vulnerable: false, }, { criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.0:*:*:*:*:*:*:*", matchCriteriaId: "61D94767-47A9-4516-BB4F-7800301214EB", vulnerable: false, }, { criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.1:*:*:*:*:*:*:*", matchCriteriaId: "99708F67-F4F1-4651-88FB-97869B9704C0", vulnerable: false, }, { criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.1e:*:*:*:*:*:*:*", matchCriteriaId: "6ABD1DF6-BE2F-4A23-ACD4-C33CFF68CB36", vulnerable: false, }, { criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.5:*:*:*:*:*:*:*", matchCriteriaId: "F0F108EA-A307-46FE-A093-5EF78182BC2A", vulnerable: false, }, { criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.5e:*:*:*:*:*:*:*", matchCriteriaId: "208B0DD8-6635-4201-B565-FDA647F9F2E3", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_firmware:9.0:*:*:*:*:*:*:*", matchCriteriaId: "77E759CD-4DF3-4B30-ADFD-9E63F753DFC1", vulnerable: false, }, { criteria: "cpe:2.3:o:citrix:netscaler_firmware:9.1:*:*:*:*:*:*:*", matchCriteriaId: "9CC7D1B6-5C2D-4407-A55C-78FE6B899B46", vulnerable: false, }, { criteria: "cpe:2.3:o:citrix:netscaler_firmware:9.2:*:*:*:*:*:*:*", matchCriteriaId: "2391E6E2-5E57-4E35-8F2C-89813F999F1F", vulnerable: false, }, { criteria: 
"cpe:2.3:o:citrix:netscaler_firmware:10.0:*:*:*:*:*:*:*", matchCriteriaId: "61D94767-47A9-4516-BB4F-7800301214EB", vulnerable: false, }, { criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.1:*:*:*:*:*:*:*", matchCriteriaId: "99708F67-F4F1-4651-88FB-97869B9704C0", vulnerable: false, }, { criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.1e:*:*:*:*:*:*:*", matchCriteriaId: "6ABD1DF6-BE2F-4A23-ACD4-C33CFF68CB36", vulnerable: false, }, { criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.5:*:*:*:*:*:*:*", matchCriteriaId: "F0F108EA-A307-46FE-A093-5EF78182BC2A", vulnerable: false, }, { criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.5e:*:*:*:*:*:*:*", matchCriteriaId: "208B0DD8-6635-4201-B565-FDA647F9F2E3", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).", }, { lang: "es", value: "Las funcionalidades de procesamiento TLS y DTLS en dispositivos Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway con versiones de firmware 9.x anteriores a 9.3 Build 68.5, 10.0 en su versión Build 78.6, 10.1 anterior a Build 130.13, 10.1.e anterior a Build 130.1302.e, 10.5 anterior a Build 55.8, y 10.5.e anterior a Build 55.8007.e hacen que sea más fácil que atacantes que realizan Man-in-the-middle obtengan datos en texto plano mediante un 
ataque padding-oracle, variante de CVE-2014-3566, también conocido como POODLE.", }, ], id: "CVE-2015-3642", lastModified: "2024-11-21T02:29:33.240", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-08-02T19:29:00.477", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.citrix.com/article/CTX200378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.citrix.com/article/CTX200378", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Severity ?
Summary
Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.
References
Source | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://support.citrix.com/article/CTX276688 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX276688 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "906C3ABF-27C3-4ADD-9350-BDAA82994C34", versionEndExcluding: "11.1-63.9", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "85149DE8-82B5-4105-BBA5-F69B45AB4411", versionEndExcluding: "12.0-62.10", versionStartIncluding: "12.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "36CA9337-8219-4BAE-A050-5A56C3E60E32", versionEndExcluding: "11.1-63.9", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "01DB94F6-D733-4A4E-9353-68D59C5CB5DC", versionEndExcluding: "12.0-62.10", versionStartIncluding: "12.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.", }, { lang: "es", value: "Una comprobación de entrada inapropiada en Citrix ADC y Citrix Gateway versiones anteriores a 11.1-63.9 y 12.0-62.10, permite a usuarios no autenticados llevar a cabo un ataque de denegación de servicio", }, ], id: "CVE-2020-8187", lastModified: 
"2024-11-21T05:38:27.843", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-10T16:15:11.937", references: [ { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-16 14:15
Modified
2024-11-21 05:38
Severity ?
Summary
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1 before 12.1-61.18, and 11.1 before 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffer from uncontrolled resource consumption that allows a network-based denial of service. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.
References
Source | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://support.citrix.com/article/CTX297155 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX297155 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "871316FC-14DC-41BE-971B-61FBE11D5ABF", versionEndExcluding: "12.1-61.18", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "FAA24333-CF47-45C2-81E3-C990095920D6", versionEndExcluding: "13.0-76.29", versionStartIncluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "D77B2AD2-BAF1-4FD3-B7C5-88AC1B130971", versionEndExcluding: "11.1-65.20", versionStartIncluding: "11.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E178AA28-B24F-4565-A314-1E58AAC54648", versionEndExcluding: "11.1-65.20", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7AEBA65F-2FEA-45B2-9118-8781258BC28D", versionEndExcluding: "12.1-61.18", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F78FBC6-84A1-4D99-8D70-BA5AF4B1F2BD", versionEndExcluding: "13.0-76.29", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8BEBCAD2-581F-4217-8425-46C03584E673", versionEndExcluding: "12.1-55.238", versionStartIncluding: "12.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: 
[ { criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14030_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "BCB11BC1-0702-436F-BFE2-14B38B118D99", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14060_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "8569B182-D0A7-414B-B0A3-4DD2FAB44F69", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14080_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "ABB9B3E9-EED4-4D74-BE4C-DFAFAB1F0994", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15030-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "F60729DF-EDC8-4462-ABD2-6E4199F22701", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15040-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "B789F02A-56CB-4871-9D9D-FAB0F31A72A1", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15060-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "06699186-E7E4-463C-8844-77B2A750B985", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15080-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "F00DBEBF-29BE-4D6A-BF79-19208AAB0D7F", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15100-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "848169A6-CAD7-4E14-BC5D-B2E94DC93CCB", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_15120-50g_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "3C69709C-885A-4F19-899D-A7B5CE7066EF", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_8905_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "6B2136C1-8AB6-4C70-87F4-1F8A93A876C9", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_8910_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "492323D2-339D-404C-BB9B-E09ABB87FA2B", vulnerable: false, }, { criteria: "cpe:2.3:h:citrix:mpx_8920_fips:-:*:*:*:*:*:*:*", matchCriteriaId: "AB83185D-DD6F-47CD-B500-499F9EF65093", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "E2E30C0C-32F2-4257-B946-600E3123A0D2", versionEndExcluding: "10.2.9a", 
versionStartIncluding: "10.2", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "469E2490-71B8-48FB-A032-08922C75339A", versionEndExcluding: "11.1.2c", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "56A52140-F4AE-4616-91E7-FF941EA26343", versionEndExcluding: "11.2.3a", versionStartIncluding: "11.2", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*", matchCriteriaId: "974341A5-6B06-4975-9406-CF41AB0E92F6", versionEndExcluding: "11.3.2", versionStartIncluding: "11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.", }, { lang: "es", value: "Citrix ADC y Citrix/NetScaler Gateway versiones 13.0 anteriores a 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC versiones 12.1-FIPS anteriores a 12.1-55.238, y Citrix SD-WAN WANOP Edition versiones anteriores a 11.4.0, 11. 3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a, sufren un consumo no controlado de recursos mediante una denegación de servicio basada en la red desde el mismo segmento de red de capa 2. 
Tome en cuenta que el atacante debe estar en el mismo segmento de red de capa 2 que el dispositivo vulnerable", }, ], id: "CVE-2020-8299", lastModified: "2024-11-21T05:38:41.210", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-16T14:15:08.107", references: [ { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX297155", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX297155", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Severity ?
Summary
Incorrect file permissions in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allow privilege escalation.
References
Source | URL | Tags | |
---|---|---|---|
support@hackerone.com | https://support.citrix.com/article/CTX276688 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX276688 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC8327D0-8B64-44AF-A230-AAE32F3526CF", versionEndExcluding: "10.5-70.18", versionStartIncluding: "10.5", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D4807513-1157-4CE3-8998-9C5EB9BBDA3E", versionEndExcluding: "11.1-64.14", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "165076F2-014F-46F9-A1AB-2256D935A21B", versionEndExcluding: "12.0-63.21", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D6AE49E6-A6B9-4E2B-9AFB-7F1808D052F6", versionEndExcluding: "12.1-57.18", versionStartIncluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "03868D24-B1C0-4245-AE28-0960CF2816C1", versionEndExcluding: "13.0-58.30", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA7AAC01-A7CB-48F4-A25D-4A29479CD0DA", versionEndExcluding: "10.5-70.18", versionStartIncluding: "10.5", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "61C33096-91FD-4387-8B90-C8981DB7F926", versionEndExcluding: "11.1-64.14", versionStartIncluding: "11.1", vulnerable: true, }, { criteria: 
"cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7605821F-21B0-4F9D-AAD1-F901CED00585", versionEndExcluding: "12.0-63.21", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6FA8946F-75C2-4515-9EBE-E1884B35ECF1", versionEndExcluding: "12.1-57.18", versionStartIncluding: "12.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E6D0CC10-FE91-40E4-BFFD-11BE41DD4269", versionEndExcluding: "13.0-58.30", versionStartIncluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*", matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.", }, { lang: "es", value: "Unos permisos de archivo incorrectos en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18, permiten una escalada de privilegios", }, ], id: "CVE-2020-8190", lastModified: "2024-11-21T05:38:28.207", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", 
}, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-10T16:15:12.013", references: [ { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.citrix.com/article/CTX276688", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-281", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }