Vulnerabilities related to citrix - netscaler_gateway
cve-2020-8187
Vulnerability from cvelistv5
Published
2020-07-10 15:35
Modified
2024-08-04 09:56
Severity ?
Summary
Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.
References
Impacted products
Vendor Product Version
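n/a Citrix ADC, Citrix Gateway Version: 11.1-63.9, 12.0-62.10 (the summary states that versions before these builds are affected, so the values listed are the fixed builds rather than vulnerable ones)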


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:28.243Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX276688",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Citrix ADC, Citrix Gateway",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "11.1-63.9, 12.0-62.10",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "Improper Input Validation (CWE-20)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-10T15:35:56",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX276688",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8187",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Citrix ADC, Citrix Gateway",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "11.1-63.9, 12.0-62.10",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Improper Input Validation (CWE-20)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX276688",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX276688",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8187",
      datePublished: "2020-07-10T15:35:56",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-08-04T09:56:28.243Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-3467
Vulnerability from cvelistv5
Published
2023-07-19 18:35
Modified
2024-10-24 17:43
Summary
Privilege Escalation to root administrator (nsroot)
Impacted products
Vendor Product Version
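Citrix NetScaler ADC Version: 13.1 (affected before 49.13)
Version: 13.0 (affected before 91.13)
Version: 13.1-FIPS (affected before 37.159)
Version: 12.1-FIPS (affected before 55.297)
Version: 12.1-NDcPP (affected before 55.297)
Citrix NetScaler Gateway Version: 13.1 (affected before 49.13)
Version: 13.0 (affected before 91.13)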


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:55:03.548Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-3467",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-24T17:43:30.373172Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-24T17:43:49.602Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "NetScaler ADC ",
               vendor: "Citrix",
               versions: [
                  {
                     lessThan: "49.13",
                     status: "affected",
                     version: "13.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "91.13",
                     status: "affected",
                     version: "13.0",
                     versionType: "patch",
                  },
                  {
                     lessThan: "37.159",
                     status: "affected",
                     version: "13.1-FIPS",
                     versionType: "patch",
                  },
                  {
                     lessThan: "55.297",
                     status: "affected",
                     version: "12.1-FIPS",
                     versionType: "patch",
                  },
                  {
                     lessThan: "55.297",
                     status: "affected",
                     version: "12.1-NDcPP",
                     versionType: "patch",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "NetScaler Gateway",
               vendor: "Citrix",
               versions: [
                  {
                     lessThan: "49.13",
                     status: "affected",
                     version: "13.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "91.13",
                     status: "affected",
                     version: "13.0",
                     versionType: "patch",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">Privilege Escalation to root administrator (nsroot)</span><br>",
                  },
               ],
               value: "Privilege Escalation to root administrator (nsroot)\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-269",
                     description: "CWE-269 Improper Privilege Management",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-19T18:35:56.843Z",
            orgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
            shortName: "Citrix",
         },
         references: [
            {
               url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
      assignerShortName: "Citrix",
      cveId: "CVE-2023-3467",
      datePublished: "2023-07-19T18:35:56.843Z",
      dateReserved: "2023-06-29T21:04:13.952Z",
      dateUpdated: "2024-10-24T17:43:49.602Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-6809
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
Summary
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.
References
https://support.citrix.com/article/CTX232161 (x_refsource_CONFIRM)
http://www.securitytracker.com/id/1040440 (vdb-entry, x_refsource_SECTRACK)
Impacted products
Vendor Product Version
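n/a n/a Version: n/a (the record carries no structured product or version data; the affected products are named only in the summary: NetScaler ADC and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0)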


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:10:11.276Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX232161",
               },
               {
                  name: "1040440",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040440",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-03-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-03-06T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.citrix.com/article/CTX232161",
            },
            {
               name: "1040440",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040440",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-6809",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX232161",
                     refsource: "CONFIRM",
                     url: "https://support.citrix.com/article/CTX232161",
                  },
                  {
                     name: "1040440",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040440",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-6809",
      datePublished: "2018-03-06T20:00:00",
      dateReserved: "2018-02-07T00:00:00",
      dateUpdated: "2024-08-05T06:10:11.276Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8194
Vulnerability from cvelistv5
Published
2020-07-10 15:38
Modified
2024-08-04 09:56
Severity ?
Summary
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
References
Impacted products
Vendor Product Version
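n/a Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP Version: Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7 (the summary states that versions before these builds are affected, so the values listed are the fixed builds rather than vulnerable ones)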


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:27.601Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX276688",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-94",
                     description: "Code Injection (CWE-94)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-10T15:38:54",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX276688",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8194",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Code Injection (CWE-94)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX276688",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX276688",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8194",
      datePublished: "2020-07-10T15:38:54",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-08-04T09:56:27.601Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-4967
Vulnerability from cvelistv5
Published
2023-10-27 18:01
Modified
2024-08-02 07:44
Summary
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server
Impacted products
Vendor Product Version
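Cloud Software Group NetScaler ADC Version: 14.1 (affected before 8.50)
Version: 13.1 (affected before 49.15)
Version: 13.0 (affected before 92.19)
Version: 13.1-FIPS (affected before 37.164)
Version: 12.1-FIPS (affected before 55.300)
Version: 12.1-NDcPP (affected before 55.300)
Cloud Software Group NetScaler Gateway Version: 14.1 (affected before 8.50)
Version: 13.1 (affected before 49.15)
Version: 13.0 (affected before 92.19)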


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:44:53.479Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX579459/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "NetScaler ADC",
               vendor: "Cloud Software Group",
               versions: [
                  {
                     lessThan: "8.50",
                     status: "affected",
                     version: "14.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "49.15",
                     status: "affected",
                     version: "13.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "92.19",
                     status: "affected",
                     version: "13.0",
                     versionType: "patch",
                  },
                  {
                     lessThan: "37.164",
                     status: "affected",
                     version: "13.1-FIPS",
                     versionType: "patch",
                  },
                  {
                     lessThan: "55.300",
                     status: "affected",
                     version: "12.1-FIPS",
                     versionType: "patch",
                  },
                  {
                     lessThan: "55.300",
                     status: "affected",
                     version: "12.1-NDcPP",
                     versionType: "patch",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "NetScaler Gateway",
               vendor: "Cloud Software Group",
               versions: [
                  {
                     lessThan: "8.50",
                     status: "affected",
                     version: "14.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "49.15",
                     status: "affected",
                     version: "13.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "92.19",
                     status: "affected",
                     version: "13.0",
                     versionType: "patch",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server",
                  },
               ],
               value: "Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-27T18:01:59.707Z",
            orgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
            shortName: "Citrix",
         },
         references: [
            {
               url: "https://support.citrix.com/article/CTX579459/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
      assignerShortName: "Citrix",
      cveId: "CVE-2023-4967",
      datePublished: "2023-10-27T18:01:59.707Z",
      dateReserved: "2023-09-14T15:51:24.455Z",
      dateUpdated: "2024-08-02T07:44:53.479Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-6548
Vulnerability from cvelistv5
Published
2024-01-17 20:11
Modified
2024-08-02 08:35
Summary
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
Impacted products
Vendor Product Version
Cloud Software Group NetScaler ADC  Version: 14.1
Version: 13.1
Version: 13.0
Version: 13.1-FIPS
Version: 12.1-FIPS
Version: 12.1-NDcPP
Cloud Software Group NetScaler Gateway Version: 14.1
Version: 13.1
Version: 13.0


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1:*:*:*:-:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "netscaler_application_delivery_controller",
                  vendor: "citrix",
                  versions: [
                     {
                        lessThan: "14.1-12.35",
                        status: "affected",
                        version: "14.1",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:-:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "netscaler_application_delivery_controller",
                  vendor: "citrix",
                  versions: [
                     {
                        lessThan: "13.1-51.15",
                        status: "affected",
                        version: "13.1",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0:*:*:*:-:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "netscaler_application_delivery_controller",
                  vendor: "citrix",
                  versions: [
                     {
                        lessThan: "13.0-92.21",
                        status: "affected",
                        version: "13.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1:*:*:*:fips:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "netscaler_application_delivery_controller",
                  vendor: "citrix",
                  versions: [
                     {
                        lessThan: "13.1-37.176",
                        status: "affected",
                        version: "13.1",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:fips:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "netscaler_application_delivery_controller",
                  vendor: "citrix",
                  versions: [
                     {
                        lessThan: "12.1-55.302",
                        status: "affected",
                        version: "12.1",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1:*:*:*:ndcpp:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "netscaler_application_delivery_controller",
                  vendor: "citrix",
                  versions: [
                     {
                        lessThan: "12.1-55.302",
                        status: "affected",
                        version: "12.1",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:citrix:netscaler_gateway:14.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "netscaler_gateway",
                  vendor: "citrix",
                  versions: [
                     {
                        lessThan: "14.1-12.35",
                        status: "affected",
                        version: "14.1",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:citrix:netscaler_gateway:13.1:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "netscaler_gateway",
                  vendor: "citrix",
                  versions: [
                     {
                        lessThan: "13.1-51.15",
                        status: "affected",
                        version: "13.1",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:citrix:netscaler_gateway:13.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "netscaler_gateway",
                  vendor: "citrix",
                  versions: [
                     {
                        lessThan: "13.0-92.21",
                        status: "affected",
                        version: "13.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-6548",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-01-18T14:00:57.375485Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2024-01-17",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-6548",
                     },
                     type: "kev",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-25T17:14:26.335Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T08:35:14.029Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "NetScaler ADC ",
               vendor: "Cloud Software Group",
               versions: [
                  {
                     lessThan: "12.35",
                     status: "affected",
                     version: "14.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "51.15",
                     status: "affected",
                     version: "13.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "92.21",
                     status: "affected",
                     version: "13.0 ",
                     versionType: "patch",
                  },
                  {
                     lessThan: "37.176",
                     status: "affected",
                     version: " 13.1-FIPS",
                     versionType: "patch",
                  },
                  {
                     lessThan: "55.302",
                     status: "affected",
                     version: "12.1-FIPS",
                     versionType: "patch",
                  },
                  {
                     lessThan: "55.302",
                     status: "affected",
                     version: "12.1-NDcPP",
                     versionType: "patch",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "NetScaler Gateway",
               vendor: "Cloud Software Group",
               versions: [
                  {
                     lessThan: "12.35",
                     status: "affected",
                     version: "14.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "51.15",
                     status: "affected",
                     version: "13.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "92.21",
                     status: "affected",
                     version: "13.0",
                     versionType: "patch",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">allows an attacker with<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;access</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;to NSIP, CLIP or SNIP with management interface to perform</span>&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Authenticated (low privileged) remote code execution on Management Interface.</span></span></span>",
                  },
               ],
               value: "Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-94",
                     description: "CWE-94 Improper Control of Generation of Code ('Code Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-18T01:12:54.917Z",
            orgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
            shortName: "Citrix",
         },
         references: [
            {
               url: "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
      assignerShortName: "Citrix",
      cveId: "CVE-2023-6548",
      datePublished: "2024-01-17T20:11:18.462Z",
      dateReserved: "2023-12-06T11:01:54.643Z",
      dateUpdated: "2024-08-02T08:35:14.029Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-7219
Vulnerability from cvelistv5
Published
2017-04-13 14:00
Modified
2024-08-05 15:56
Severity ?
Summary
A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.
References
https://support.citrix.com/article/CTX222657 (x_refsource_CONFIRM)
http://www.securitytracker.com/id/1038283 (vdb-entry, x_refsource_SECTRACK)
http://www.securityfocus.com/bid/97626 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T15:56:36.058Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX222657",
               },
               {
                  name: "1038283",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1038283",
               },
               {
                  name: "97626",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/97626",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-04-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T09:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.citrix.com/article/CTX222657",
            },
            {
               name: "1038283",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1038283",
            },
            {
               name: "97626",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/97626",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-7219",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX222657",
                     refsource: "CONFIRM",
                     url: "https://support.citrix.com/article/CTX222657",
                  },
                  {
                     name: "1038283",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1038283",
                  },
                  {
                     name: "97626",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/97626",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-7219",
      datePublished: "2017-04-13T14:00:00",
      dateReserved: "2017-03-21T00:00:00",
      dateUpdated: "2024-08-05T15:56:36.058Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8196
Vulnerability from cvelistv5
Published
2020-07-10 15:39
Modified
2024-08-04 09:56
Severity ?
Summary
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
Impacted products
Vendor Product Version
n/a Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP Version: Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:28.236Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX276688",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-284",
                     description: "Improper Access Control - Generic (CWE-284)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-11-13T17:06:17",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX276688",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8196",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Improper Access Control - Generic (CWE-284)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX276688",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX276688",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8196",
      datePublished: "2020-07-10T15:39:54",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-08-04T09:56:28.236Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-18225
Vulnerability from cvelistv5
Published
2019-10-21 17:09
Modified
2024-08-05 01:47
Severity ?
Summary
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:47:14.102Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX261055",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-21T17:09:23",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX261055",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-18225",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX261055",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX261055",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-18225",
      datePublished: "2019-10-21T17:09:23",
      dateReserved: "2019-10-21T00:00:00",
      dateUpdated: "2024-08-05T01:47:14.102Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8193
Vulnerability from cvelistv5
Published
2020-07-10 15:38
Modified
2024-08-04 09:56
Severity ?
Summary
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
Impacted products
Vendor Product Version
n/a Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP Version: Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:27.459Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX276688",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-284",
                     description: "Improper Access Control - Generic (CWE-284)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-11-13T17:06:16",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX276688",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8193",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Improper Access Control - Generic (CWE-284)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX276688",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX276688",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8193",
      datePublished: "2020-07-10T15:38:28",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-08-04T09:56:27.459Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8198
Vulnerability from cvelistv5
Published
2020-07-10 15:39
Modified
2024-08-04 09:56
Severity ?
Summary
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).
References
Impacted products
Vendor Product Version
n/a Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP Version: Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7 (the summary describes versions before these builds as affected)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:27.527Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX276688",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "Cross-site Scripting (XSS) - Stored (CWE-79)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-10T15:39:14",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX276688",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8198",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-site Scripting (XSS) - Stored (CWE-79)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX276688",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX276688",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8198",
      datePublished: "2020-07-10T15:39:14",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-08-04T09:56:27.527Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-5314
Vulnerability from cvelistv5
Published
2018-03-01 17:00
Modified
2024-08-05 05:33
Severity ?
Summary
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.
References
http://www.securitytracker.com/id/1040439 (vdb-entry, x_refsource_SECTRACK)
https://support.citrix.com/article/CTX232199 (x_refsource_CONFIRM)
http://www.securityfocus.com/bid/103186 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T05:33:44.080Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1040439",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040439",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX232199",
               },
               {
                  name: "103186",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/103186",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-02-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-03-02T10:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1040439",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040439",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.citrix.com/article/CTX232199",
            },
            {
               name: "103186",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/103186",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-5314",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1040439",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040439",
                  },
                  {
                     name: "https://support.citrix.com/article/CTX232199",
                     refsource: "CONFIRM",
                     url: "https://support.citrix.com/article/CTX232199",
                  },
                  {
                     name: "103186",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/103186",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-5314",
      datePublished: "2018-03-01T17:00:00",
      dateReserved: "2018-01-09T00:00:00",
      dateUpdated: "2024-08-05T05:33:44.080Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8300
Vulnerability from cvelistv5
Published
2021-06-16 13:08
Modified
2024-08-04 09:56
Severity ?
Summary
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
References
Impacted products
Vendor Product Version
n/a Citrix ADC, Citrix Gateway Version: Fixed in Citrix ADC and Citrix Gateway 13.0 before 13.0-82.41, Citrix ADC and Citrix Gateway 12.1 before 12.1-62.23, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:28.314Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX297155",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Citrix ADC, Citrix Gateway",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Fixed in Citrix ADC and Citrix Gateway 13.0 before 13.0-82.41, Citrix ADC and Citrix Gateway 12.1 before 12.1-62.23, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-284",
                     description: "Improper Access Control - Generic (CWE-284)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-06-16T13:08:16",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX297155",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8300",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Citrix ADC, Citrix Gateway",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Fixed in Citrix ADC and Citrix Gateway 13.0 before 13.0-82.41, Citrix ADC and Citrix Gateway 12.1 before 12.1-62.23, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Improper Access Control - Generic (CWE-284)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX297155",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX297155",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8300",
      datePublished: "2021-06-16T13:08:16",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-08-04T09:56:28.314Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-22927
Vulnerability from cvelistv5
Published
2021-08-05 20:16
Modified
2024-08-03 18:58
Severity ?
Summary
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured as a SAML service provider that could allow an attacker to hijack a session.
References
Impacted products
Vendor Product Version
n/a Citrix ADC, Citrix Gateway Version: Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0
Version: Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1
Version: Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1
Version: Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T18:58:26.168Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX319135",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Citrix ADC, Citrix Gateway",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0",
                  },
                  {
                     status: "affected",
                     version: "Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1",
                  },
                  {
                     status: "affected",
                     version: "Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1",
                  },
                  {
                     status: "affected",
                     version: "Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-384",
                     description: "Session Fixation (CWE-384)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-08-05T20:16:42",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX319135",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2021-22927",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Citrix ADC, Citrix Gateway",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0",
                                       },
                                       {
                                          version_value: "Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1",
                                       },
                                       {
                                          version_value: "Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1",
                                       },
                                       {
                                          version_value: "Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Session Fixation (CWE-384)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX319135",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX319135",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2021-22927",
      datePublished: "2021-08-05T20:16:42",
      dateReserved: "2021-01-06T00:00:00",
      dateUpdated: "2024-08-03T18:58:26.168Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8197
Vulnerability from cvelistv5
Published
2020-07-10 15:40
Modified
2024-08-04 09:56
Severity ?
Summary
Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.
References
Impacted products
Vendor Product Version
n/a Citrix ADC, Citrix Gateway Version: 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 (the summary describes versions before these builds as affected)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:27.921Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX276688",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Citrix ADC, Citrix Gateway",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Privilege Escalation (CAPEC-233)",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-10T15:40:09",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX276688",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8197",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Citrix ADC, Citrix Gateway",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Privilege Escalation (CAPEC-233)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX276688",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX276688",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8197",
      datePublished: "2020-07-10T15:40:09",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-08-04T09:56:27.921Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-3642
Vulnerability from cvelistv5
Published
2017-08-02 19:00
Modified
2024-08-06 05:47
Severity ?
Summary
The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
References
http://support.citrix.com/article/CTX200378 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T05:47:58.515Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.citrix.com/article/CTX200378",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-01-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-02T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.citrix.com/article/CTX200378",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2015-3642",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://support.citrix.com/article/CTX200378",
                     refsource: "CONFIRM",
                     url: "http://support.citrix.com/article/CTX200378",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2015-3642",
      datePublished: "2017-08-02T19:00:00",
      dateReserved: "2015-05-04T00:00:00",
      dateUpdated: "2024-08-06T05:47:58.515Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8195
Vulnerability from cvelistv5
Published
2020-07-10 15:39
Modified
2024-08-04 09:56
Severity ?
Summary
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
Impacted products
Vendor Product Version
n/a Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP Version: Citrix ADC and Citrix Gateway before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP before 11.1.1a, 11.0.3d and 10.2.7


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:27.563Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX276688",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "Improper Input Validation (CWE-20)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-11-13T17:06:17",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX276688",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8195",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Improper Input Validation (CWE-20)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX276688",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX276688",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8195",
      datePublished: "2020-07-10T15:39:35",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-08-04T09:56:27.563Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-3519
Vulnerability from cvelistv5
Published
2023-07-19 17:51
Modified
2024-08-02 06:55
Severity ?
Summary
Unauthenticated remote code execution
Impacted products
Vendor Product Version
Citrix NetScaler ADC  Version: 13.1
Version: 13.0
Version: 13.1-FIPS
Version: 12.1-FIPS
Version: 12.1-NDcPP
Citrix NetScaler Gateway Version: 13.1
Version: 13.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:55:03.597Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "NetScaler ADC ",
               vendor: "Citrix",
               versions: [
                  {
                     lessThan: "49.13",
                     status: "affected",
                     version: "13.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "91.13",
                     status: "affected",
                     version: "13.0",
                     versionType: "patch",
                  },
                  {
                     lessThan: "37.159",
                     status: "affected",
                     version: "13.1-FIPS",
                     versionType: "patch",
                  },
                  {
                     lessThan: "55.297",
                     status: "affected",
                     version: "12.1-FIPS",
                     versionType: "patch",
                  },
                  {
                     lessThan: "55.297",
                     status: "affected",
                     version: "12.1-NDcPP",
                     versionType: "patch",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "NetScaler Gateway",
               vendor: "Citrix",
               versions: [
                  {
                     lessThan: "49.13",
                     status: "affected",
                     version: "13.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "91.13",
                     status: "affected",
                     version: "13.0",
                     versionType: "patch",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">Unauthenticated remote code execution</span><br>",
                  },
               ],
               value: "Unauthenticated remote code execution\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-94",
                     description: "CWE-94 Improper Control of Generation of Code ('Code Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-19T17:51:39.739Z",
            orgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
            shortName: "Citrix",
         },
         references: [
            {
               url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467",
            },
            {
               url: "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
      assignerShortName: "Citrix",
      cveId: "CVE-2023-3519",
      datePublished: "2023-07-19T17:51:39.739Z",
      dateReserved: "2023-07-05T22:22:26.251Z",
      dateUpdated: "2024-08-02T06:55:03.597Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8245
Vulnerability from cvelistv5
Published
2020-09-18 20:12
Modified
2024-08-04 09:56
Severity ?
Summary
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.
References
Impacted products
Vendor Product Version
n/a Citrix ADC, Citrix Gateway Version: Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:27.961Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX281474",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Citrix ADC, Citrix Gateway",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "Cross-site Scripting (XSS) - Generic (CWE-79)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-18T20:12:07",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX281474",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8245",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Citrix ADC, Citrix Gateway",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-site Scripting (XSS) - Generic (CWE-79)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX281474",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX281474",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8245",
      datePublished: "2020-09-18T20:12:07",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-08-04T09:56:27.961Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8246
Vulnerability from cvelistv5
Published
2020-09-18 20:12
Modified
2024-08-04 09:56
Severity ?
Summary
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.
References
Impacted products
Vendor Product Version
n/a Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP Version: Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:27.947Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX281474",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP ",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "Denial of Service (CWE-400)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-18T20:12:26",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX281474",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8246",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP ",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Denial of Service (CWE-400)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX281474",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX281474",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8246",
      datePublished: "2020-09-18T20:12:26",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-08-04T09:56:27.947Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-3466
Vulnerability from cvelistv5
Published
2023-07-19 18:21
Modified
2024-10-21 21:09
Summary
Reflected Cross-Site Scripting (XSS)
Impacted products
Vendor Product Version
Citrix NetScaler ADC  Version: 13.1
Version: 13.0
Version: 13.1-FIPS
Version: 12.1-FIPS
Version: 12.1-NDcPP
Citrix NetScaler Gateway Version: 13.1
Version: 13.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:55:03.525Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-3466",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-21T21:06:40.290853Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-21T21:09:28.424Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "NetScaler ADC ",
               vendor: "Citrix",
               versions: [
                  {
                     lessThan: "49.13",
                     status: "affected",
                     version: "13.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "91.13",
                     status: "affected",
                     version: "13.0",
                     versionType: "patch",
                  },
                  {
                     lessThan: "37.159",
                     status: "affected",
                     version: "13.1-FIPS",
                     versionType: "patch",
                  },
                  {
                     lessThan: "55.297",
                     status: "affected",
                     version: "12.1-FIPS ",
                     versionType: "patch",
                  },
                  {
                     lessThan: "55.297",
                     status: "affected",
                     version: "12.1-NDcPP",
                     versionType: "patch",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "NetScaler Gateway",
               vendor: "Citrix",
               versions: [
                  {
                     lessThan: "49.13",
                     status: "affected",
                     version: "13.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "91.13",
                     status: "affected",
                     version: "13.0",
                     versionType: "patch",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">Reflected Cross-Site Scripting (XSS)</span><br>",
                  },
               ],
               value: "Reflected Cross-Site Scripting (XSS)\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-19T18:21:05.262Z",
            orgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
            shortName: "Citrix",
         },
         references: [
            {
               url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
      assignerShortName: "Citrix",
      cveId: "CVE-2023-3466",
      datePublished: "2023-07-19T18:21:05.262Z",
      dateReserved: "2023-06-29T21:03:53.903Z",
      dateUpdated: "2024-10-21T21:09:28.424Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-6808
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
Summary
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.
References
https://support.citrix.com/article/CTX232161 (x_refsource_CONFIRM)
http://www.securitytracker.com/id/1040440 (vdb-entry, x_refsource_SECTRACK)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:10:11.369Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX232161",
               },
               {
                  name: "1040440",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040440",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-03-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-03-06T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.citrix.com/article/CTX232161",
            },
            {
               name: "1040440",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040440",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-6808",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX232161",
                     refsource: "CONFIRM",
                     url: "https://support.citrix.com/article/CTX232161",
                  },
                  {
                     name: "1040440",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040440",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-6808",
      datePublished: "2018-03-06T20:00:00",
      dateReserved: "2018-02-07T00:00:00",
      dateUpdated: "2024-08-05T06:10:11.369Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-6549
Vulnerability from cvelistv5
Published
2024-01-17 20:15
Modified
2024-08-02 08:35
Summary
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read
Impacted products
Vendor Product Version
Cloud Software Group NetScaler ADC  Version: 14.1
Version: 13.1
Version: 13.0
Version: 13.1-FIPS
Version: 12.1-FIPS
Version: 12.1-NDcPP


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T08:35:13.934Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "NetScaler ADC ",
               vendor: "Cloud Software Group",
               versions: [
                  {
                     lessThan: "12.35",
                     status: "affected",
                     version: "14.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "51.15",
                     status: "affected",
                     version: "13.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "92.21",
                     status: "affected",
                     version: "13.0 ",
                     versionType: "patch",
                  },
                  {
                     lessThan: "37.176",
                     status: "affected",
                     version: " 13.1-FIPS",
                     versionType: "patch",
                  },
                  {
                     lessThan: "55.302",
                     status: "affected",
                     version: "12.1-FIPS",
                     versionType: "patch",
                  },
                  {
                     lessThan: "55.302",
                     status: "affected",
                     version: "12.1-NDcPP",
                     versionType: "patch",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\"><b><span style=\"background-color: rgb(255, 255, 255);\">Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and&nbsp;</span></b><span style=\"background-color: rgb(255, 255, 255);\"><b>Out-Of-Bounds Memory Read</b></span></span><br>",
                  },
               ],
               value: "Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-05-10T17:29:28.138Z",
            orgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
            shortName: "Citrix",
         },
         references: [
            {
               url: "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
      assignerShortName: "Citrix",
      cveId: "CVE-2023-6549",
      datePublished: "2024-01-17T20:15:53.345Z",
      dateReserved: "2023-12-06T11:01:58.256Z",
      dateUpdated: "2024-08-02T08:35:13.934Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8247
Vulnerability from cvelistv5
Published
2020-09-18 20:12
Modified
2024-08-04 09:56
Severity ?
Summary
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.
References
Impacted products
Vendor Product Version
n/a Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP Version: Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:28.043Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX281474",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-269",
                     description: "Improper Privilege Management (CWE-269)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-18T20:12:32",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX281474",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8247",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Improper Privilege Management (CWE-269)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX281474",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX281474",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8247",
      datePublished: "2020-09-18T20:12:32",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-08-04T09:56:28.043Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8299
Vulnerability from cvelistv5
Published
2021-06-16 13:08
Modified
2024-08-04 09:56
Severity ?
Summary
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.
References
Impacted products
Vendor Product Version
n/a Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition Version: Fixed in Citrix ADC and Citrix Gateway 13.0-76.29 and later releases of 13.0, Citrix ADC and Citrix Gateway 12.1-61.18 and later releases of 12.1, Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1, Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS, Citrix SD-WAN WANOP 11.4.0 and later releases of 11.4, Citrix SD-WAN WANOP 11.3.2 and later releases of 11.3, Citrix SD-WAN WANOP 11.3.1a and later releases of 11.3, Citrix SD-WAN WANOP 11.2.3a and later releases of 11.2, Citrix SD-WAN WANOP 11.1.2c and later releases of 11.1, Citrix SD-WAN WANOP 10.2.9a and later releases of 10.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:28.408Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX297155",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Fixed in Citrix ADC and Citrix Gateway 13.0-76.29 and later releases of 13.0, Citrix ADC and Citrix Gateway 12.1-61.18 and later releases of 12.1, Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1, Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS, Citrix SD-WAN WANOP 11.4.0 and later releases of 11.4, Citrix SD-WAN WANOP 11.3.2 and later releases of 11.3, Citrix SD-WAN WANOP 11.3.1a and later releases of 11.3, Citrix SD-WAN WANOP 11.2.3a and later releases of 11.2, Citrix SD-WAN WANOP 11.1.2c and later releases of 11.1, Citrix SD-WAN WANOP 10.2.9a and later releases of 10.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "Denial of Service (CWE-400)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-06-16T13:08:22",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX297155",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8299",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Fixed in Citrix ADC and Citrix Gateway 13.0-76.29 and later releases of 13.0, Citrix ADC and Citrix Gateway 12.1-61.18 and later releases of 12.1, Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1, Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS, Citrix SD-WAN WANOP 11.4.0 and later releases of 11.4, Citrix SD-WAN WANOP 11.3.2 and later releases of 11.3, Citrix SD-WAN WANOP 11.3.1a and later releases of 11.3, Citrix SD-WAN WANOP 11.2.3a and later releases of 11.2, Citrix SD-WAN WANOP 11.1.2c and later releases of 11.1, Citrix SD-WAN WANOP 10.2.9a and later releases of 10.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Denial of Service (CWE-400)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX297155",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX297155",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8299",
      datePublished: "2021-06-16T13:08:22",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-08-04T09:56:28.408Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-6810
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
Summary
Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.
References
https://support.citrix.com/article/CTX232161 (x_refsource_CONFIRM)
http://www.securitytracker.com/id/1040440 (vdb-entry, x_refsource_SECTRACK)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:10:11.331Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX232161",
               },
               {
                  name: "1040440",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040440",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-03-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-03-06T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.citrix.com/article/CTX232161",
            },
            {
               name: "1040440",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040440",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-6810",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX232161",
                     refsource: "CONFIRM",
                     url: "https://support.citrix.com/article/CTX232161",
                  },
                  {
                     name: "1040440",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040440",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-6810",
      datePublished: "2018-03-06T20:00:00",
      dateReserved: "2018-02-07T00:00:00",
      dateUpdated: "2024-08-05T06:10:11.331Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-6485
Vulnerability from cvelistv5
Published
2019-02-22 23:00
Modified
2024-08-04 20:23
Severity ?
Summary
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:23:21.376Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/RUB-NDS/TLS-Padding-Oracles",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX240139",
               },
               {
                  name: "106783",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/106783",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-02-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-02-26T20:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/RUB-NDS/TLS-Padding-Oracles",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX240139",
            },
            {
               name: "106783",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/106783",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-6485",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/RUB-NDS/TLS-Padding-Oracles",
                     refsource: "MISC",
                     url: "https://github.com/RUB-NDS/TLS-Padding-Oracles",
                  },
                  {
                     name: "https://support.citrix.com/article/CTX240139",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX240139",
                  },
                  {
                     name: "106783",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/106783",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-6485",
      datePublished: "2019-02-22T23:00:00",
      dateReserved: "2019-01-18T00:00:00",
      dateUpdated: "2024-08-04T20:23:21.376Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-2072
Vulnerability from cvelistv5
Published
2016-02-17 15:00
Modified
2024-08-05 23:17
Severity ?
Summary
The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
References
http://www.securitytracker.com/id/1035098 (vdb-entry, x_refsource_SECTRACK)
http://support.citrix.com/article/CTX206001 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:17:50.363Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1035098",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035098",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.citrix.com/article/CTX206001",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-02-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-01T15:57:02",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1035098",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1035098",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.citrix.com/article/CTX206001",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-2072",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1035098",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1035098",
                  },
                  {
                     name: "http://support.citrix.com/article/CTX206001",
                     refsource: "CONFIRM",
                     url: "http://support.citrix.com/article/CTX206001",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-2072",
      datePublished: "2016-02-17T15:00:00",
      dateReserved: "2016-01-26T00:00:00",
      dateUpdated: "2024-08-05T23:17:50.363Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-4966
Vulnerability from cvelistv5
Published
2023-10-10 13:12
Modified
2024-08-02 07:44
Severity 9.4 (CRITICAL) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Summary
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Impacted products
Vendor Product Version
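Citrix NetScaler ADC Version: 14.1, before patch 8.50
Version: 13.1, before patch 49.15
Version: 13.0, before patch 92.19
Version: 13.1-FIPS, before patch 37.164
Version: 12.1-FIPS, before patch 55.300
Version: 12.1-NDcPP, before patch 55.300
Citrix NetScaler Gateway Version: 14.1, before patch 8.50
Version: 13.1, before patch 49.15
Version: 13.0, before patch 92.19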


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:44:53.522Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX579459",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "NetScaler ADC ",
               vendor: "Citrix",
               versions: [
                  {
                     lessThan: "8.50",
                     status: "affected",
                     version: "14.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "49.15",
                     status: "affected",
                     version: "13.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "92.19",
                     status: "affected",
                     version: "13.0",
                     versionType: "patch",
                  },
                  {
                     lessThan: "37.164",
                     status: "affected",
                     version: "13.1-FIPS",
                     versionType: "patch",
                  },
                  {
                     lessThan: "55.300",
                     status: "affected",
                     version: "12.1-FIPS",
                     versionType: "patch",
                  },
                  {
                     lessThan: "55.300",
                     status: "affected",
                     version: "12.1-NDcPP",
                     versionType: "patch",
                  },
               ],
            },
            {
               defaultStatus: "unaffected",
               product: "NetScaler Gateway",
               vendor: "Citrix",
               versions: [
                  {
                     lessThan: "8.50",
                     status: "affected",
                     version: "14.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "49.15",
                     status: "affected",
                     version: "13.1",
                     versionType: "patch",
                  },
                  {
                     lessThan: "92.19",
                     status: "affected",
                     version: "13.0",
                     versionType: "patch",
                  },
               ],
            },
         ],
         datePublic: "2023-10-10T12:33:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<b><p><b><span style=\"background-color: transparent;\">Sensitive information disclosure&nbsp;</span></b><span style=\"background-color: var(--wht);\">in NetScaler ADC and NetScaler Gateway when configured as a&nbsp;</span><span style=\"background-color: transparent;\">Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)&nbsp;</span><span style=\"background-color: transparent;\">or&nbsp;</span><span style=\"background-color: transparent;\">AAA  virtual server.&nbsp;</span><span style=\"background-color: transparent;\"><br></span><span style=\"background-color: var(--wht);\"><br></span></p></b>",
                  },
               ],
               value: "Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server. \n\n\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 9.4,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-10T13:12:29.552Z",
            orgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
            shortName: "Citrix",
         },
         references: [
            {
               url: "https://support.citrix.com/article/CTX579459",
            },
            {
               url: "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Unauthenticated sensitive information disclosure",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
      assignerShortName: "Citrix",
      cveId: "CVE-2023-4966",
      datePublished: "2023-10-10T13:12:17.644Z",
      dateReserved: "2023-09-14T15:51:21.569Z",
      dateUpdated: "2024-08-02T07:44:53.522Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8190
Vulnerability from cvelistv5
Published
2020-07-10 15:32
Modified
2024-08-04 09:56
Severity ?
Summary
Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.
References
Impacted products
Vendor Product Version
n/a Citrix ADC, Citrix Gateway Version: 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 (per the summary, builds before these are the affected ones)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:27.603Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX276688",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Citrix ADC, Citrix Gateway",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Privilege Escalation (CAPEC-233)",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-10T15:32:34",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX276688",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8190",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Citrix ADC, Citrix Gateway",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Privilege Escalation (CAPEC-233)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX276688",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX276688",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8190",
      datePublished: "2020-07-10T15:32:34",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-08-04T09:56:27.603Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-2071
Vulnerability from cvelistv5
Published
2016-02-17 15:00
Modified
2024-08-05 23:17
Severity ?
Summary
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.
References
http://www.securitytracker.com/id/1035098 (vdb-entry, x_refsource_SECTRACK)
http://support.citrix.com/article/CTX206001 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:17:50.399Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1035098",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035098",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.citrix.com/article/CTX206001",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-02-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-01T15:57:02",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1035098",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1035098",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.citrix.com/article/CTX206001",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-2071",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1035098",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1035098",
                  },
                  {
                     name: "http://support.citrix.com/article/CTX206001",
                     refsource: "CONFIRM",
                     url: "http://support.citrix.com/article/CTX206001",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-2071",
      datePublished: "2016-02-17T15:00:00",
      dateReserved: "2016-01-26T00:00:00",
      dateUpdated: "2024-08-05T23:17:50.399Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-12044
Vulnerability from cvelistv5
Published
2019-05-22 15:29
Modified
2024-08-04 23:10
Severity ?
Summary
A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T23:10:30.180Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX249976",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-22T15:29:28",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.citrix.com/article/CTX249976",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-12044",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin",
                     refsource: "MISC",
                     url: "https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin",
                  },
                  {
                     name: "https://support.citrix.com/article/CTX249976",
                     refsource: "CONFIRM",
                     url: "https://support.citrix.com/article/CTX249976",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-12044",
      datePublished: "2019-05-22T15:29:28",
      dateReserved: "2019-05-13T00:00:00",
      dateUpdated: "2024-08-04T23:10:30.180Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-22919
Vulnerability from cvelistv5
Published
2021-08-05 20:16
Modified
2024-08-03 18:58
Severity ?
Summary
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.
References
Impacted products
Vendor Product Version
n/a Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Version: Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0 Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1 Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1 Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS Citrix SD-WAN WANOP Edition 11.4.0a and later releases of 11.4 Citrix SD-WAN WANOP Edition 11.3.2a and later releases of 11.3 Citrix SD-WAN WANOP Edition 11.2.3b and later releases of 11.2 Citrix SD-WAN WANOP Edition 10.2.9b and later releases of 10.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T18:58:25.542Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX319135",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0 Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1 Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1 Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS Citrix SD-WAN WANOP Edition 11.4.0a and later releases of 11.4 Citrix SD-WAN WANOP Edition 11.3.2a and later releases of 11.3 Citrix SD-WAN WANOP Edition 11.2.3b and later releases of 11.2 Citrix SD-WAN WANOP Edition 10.2.9b and later releases of 10.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-770",
                     description: "Allocation of Resources Without Limits or Throttling (CWE-770)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-08-05T20:16:46",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX319135",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2021-22919",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0 Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1 Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1 Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS Citrix SD-WAN WANOP Edition 11.4.0a and later releases of 11.4 Citrix SD-WAN WANOP Edition 11.3.2a and later releases of 11.3 Citrix SD-WAN WANOP Edition 11.2.3b and later releases of 11.2 Citrix SD-WAN WANOP Edition 10.2.9b and later releases of 10.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Allocation of Resources Without Limits or Throttling (CWE-770)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX319135",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX319135",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2021-22919",
      datePublished: "2021-08-05T20:16:46",
      dateReserved: "2021-01-06T00:00:00",
      dateUpdated: "2024-08-03T18:58:25.542Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8191
Vulnerability from cvelistv5
Published
2020-07-10 15:38
Modified
2024-08-04 09:56
Severity ?
Summary
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
References
Impacted products
Vendor Product Version
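n/a Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP Version: Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7 (note: the record marks these builds as "affected", but the summary describes the versions before them as vulnerable, so read them as the upper bound of the affected range)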


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T09:56:28.333Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX276688",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "Cross-site Scripting (XSS) - Reflected (CWE-79)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-10T15:38:10",
            orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            shortName: "hackerone",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.citrix.com/article/CTX276688",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "support@hackerone.com",
               ID: "CVE-2020-8191",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Citrix ADC and Citrix Gateway 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP 11.1.1a, 11.0.3d and 10.2.7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-site Scripting (XSS) - Reflected (CWE-79)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX276688",
                     refsource: "MISC",
                     url: "https://support.citrix.com/article/CTX276688",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
      assignerShortName: "hackerone",
      cveId: "CVE-2020-8191",
      datePublished: "2020-07-10T15:38:10",
      dateReserved: "2020-01-28T00:00:00",
      dateUpdated: "2024-08-04T09:56:28.333Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-19781
Vulnerability from cvelistv5
Published
2019-12-27 13:06
Modified
2024-08-05 02:25
Severity ?
Summary
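An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. (Note: several references in the record below are titled as remote code execution, so exposure should be assessed as more than file disclosure.)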
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:25:12.672Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.citrix.com/article/CTX267027",
               },
               {
                  name: "VU#619785",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "https://www.kb.cert.org/vuls/id/619785",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://twitter.com/bad_packets/status/1215431625766424576",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://forms.gle/eDf3DXZAv96oosfj6",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-16T18:06:17",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.citrix.com/article/CTX267027",
            },
            {
               name: "VU#619785",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "https://www.kb.cert.org/vuls/id/619785",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://twitter.com/bad_packets/status/1215431625766424576",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://forms.gle/eDf3DXZAv96oosfj6",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-19781",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.citrix.com/article/CTX267027",
                     refsource: "CONFIRM",
                     url: "https://support.citrix.com/article/CTX267027",
                  },
                  {
                     name: "VU#619785",
                     refsource: "CERT-VN",
                     url: "https://www.kb.cert.org/vuls/id/619785",
                  },
                  {
                     name: "https://twitter.com/bad_packets/status/1215431625766424576",
                     refsource: "MISC",
                     url: "https://twitter.com/bad_packets/status/1215431625766424576",
                  },
                  {
                     name: "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/",
                     refsource: "MISC",
                     url: "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/",
                  },
                  {
                     name: "https://forms.gle/eDf3DXZAv96oosfj6",
                     refsource: "MISC",
                     url: "https://forms.gle/eDf3DXZAv96oosfj6",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-19781",
      datePublished: "2019-12-27T13:06:46",
      dateReserved: "2019-12-13T00:00:00",
      dateUpdated: "2024-08-05T02:25:12.672Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2024-01-17 21:15
Modified
2024-11-21 08:44
Summary
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read



{
   cisaActionDue: "2024-02-07",
   cisaExploitAdd: "2024-01-17",
   cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
   cisaVulnerabilityName: "Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                     matchCriteriaId: "E5672003-8E6B-4316-B5C9-FE436080ADD1",
                     versionEndExcluding: "12.1-55.302",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
                     matchCriteriaId: "D1A11ABD-4F45-4BA9-B30B-F1D8A612CC15",
                     versionEndExcluding: "12.1-55.302",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "FC0A5AAC-62DD-416A-A801-A7A95D5EF73C",
                     versionEndExcluding: "13.0-92.21",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                     matchCriteriaId: "8C8A6B95-8338-4EE7-A6EC-7D84AEDC4AF3",
                     versionEndExcluding: "13.1-37.176",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "3CF77D9D-FC89-493D-B97D-F9699D182F54",
                     versionEndExcluding: "13.1-51.15",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "62CD82CF-9013-4E54-B175-19B804A351AA",
                     versionEndExcluding: "14.1-12.35",
                     versionStartIncluding: "14.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "68E1F810-ABCD-40A7-A8C1-4E8727799C7C",
                     versionEndExcluding: "13.0-92.21",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E870C309-D5CD-4181-9DEB-4833DE2EAEB7",
                     versionEndExcluding: "13.1-51.15",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2836707F-A36F-479E-BFDC-CF55AEFC37EE",
                     versionEndExcluding: "14.1-12.35",
                     versionStartIncluding: "14.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read\n",
      },
      {
         lang: "es",
         value: "La restricción inadecuada de las operaciones dentro de los límites de un búfer de memoria en NetScaler ADC y NetScaler Gateway permite una denegación de servicio no autenticada",
      },
   ],
   id: "CVE-2023-6549",
   lastModified: "2024-11-21T08:44:04.727",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 4.2,
            source: "secure@citrix.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-17T21:15:11.690",
   references: [
      {
         source: "secure@citrix.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549",
      },
   ],
   sourceIdentifier: "secure@citrix.com",
   vulnStatus: "Undergoing Analysis",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "secure@citrix.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:11
Summary
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8C7525B-2A2D-43AF-8DA0-11FF28322337",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB678AF5-12B4-41D0-A381-46EE277313B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "123D42E1-3CDD-4D46-82F6-8982DE716F7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFCE3458-6750-4773-BA18-CAA67A6093D4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2C6F82C-9969-4A6E-88C8-AB8BB0AAD3C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9F3ED0E-7F3D-477B-B645-77DA5FC7F502",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.",
      },
      {
         lang: "es",
         value: "NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y 12.0 permiten que atacantes remotos descarguen archivos arbitrarios en el sistema objetivo.",
      },
   ],
   id: "CVE-2018-6808",
   lastModified: "2024-11-21T04:11:13.900",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-03-06T20:29:01.063",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040440",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX232161",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040440",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX232161",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-27 14:15
Modified
2024-11-21 04:35
Severity ?
Summary
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
References
cve@mitre.org | http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html | Third Party Advisory, VDB Entry
cve@mitre.org | http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html | Third Party Advisory, VDB Entry
cve@mitre.org | http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html | Third Party Advisory, VDB Entry
cve@mitre.org | http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html | Third Party Advisory, VDB Entry
cve@mitre.org | http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html | Third Party Advisory, VDB Entry
cve@mitre.org | https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/ | Broken Link, Third Party Advisory
cve@mitre.org | https://forms.gle/eDf3DXZAv96oosfj6 | Third Party Advisory
cve@mitre.org | https://support.citrix.com/article/CTX267027 | Vendor Advisory
cve@mitre.org | https://twitter.com/bad_packets/status/1215431625766424576 | Broken Link, Third Party Advisory
cve@mitre.org | https://www.kb.cert.org/vuls/id/619785 | Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/ | Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://forms.gle/eDf3DXZAv96oosfj6 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX267027 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/bad_packets/status/1215431625766424576 | Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/619785 | Third Party Advisory, US Government Resource



{
   cisaActionDue: "2022-05-03",
   cisaExploitAdd: "2021-11-03",
   cisaRequiredAction: "Apply updates per vendor instructions.",
   cisaVulnerabilityName: "Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "D56F2AAF-4658-484C-9A3A-D8A52BA5B10C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9E655-0D97-4DCF-AC2F-79DCD12770E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "49454F7D-77B5-46DF-B95C-312AF2E68EAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "201246D4-1E22-4F28-9683-D6A9FD0F7A6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:13.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3A50966-5554-4919-B6CE-BD8F6FF991D8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9F3ED0E-7F3D-477B-B645-77DA5FC7F502",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "58349F8E-3177-413A-9CBE-BB454DCD31E4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:gateway_firmware:13.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A80EAFB1-82DA-49BE-815D-D248624B442C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.",
      },
      {
         lang: "es",
         value: "Se descubrió un problema en Citrix Application Delivery Controller (ADC) and Gateway versiones 10.5, 11.1, 12.0, 12.1 y 13.0. Permiten un salto de directorio.",
      },
   ],
   id: "CVE-2019-19781",
   lastModified: "2024-11-21T04:35:22.303",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-27T14:15:12.070",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Third Party Advisory",
         ],
         url: "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://forms.gle/eDf3DXZAv96oosfj6",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX267027",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Third Party Advisory",
         ],
         url: "https://twitter.com/bad_packets/status/1215431625766424576",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.kb.cert.org/vuls/id/619785",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
         ],
         url: "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://forms.gle/eDf3DXZAv96oosfj6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX267027",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
         ],
         url: "https://twitter.com/bad_packets/status/1215431625766424576",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.kb.cert.org/vuls/id/619785",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Summary
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 results in limited information disclosure to low-privileged users.



{
   cisaActionDue: "2022-05-03",
   cisaExploitAdd: "2021-11-03",
   cisaRequiredAction: "Apply updates per vendor instructions.",
   cisaVulnerabilityName: "Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC8327D0-8B64-44AF-A230-AAE32F3526CF",
                     versionEndExcluding: "10.5-70.18",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4807513-1157-4CE3-8998-9C5EB9BBDA3E",
                     versionEndExcluding: "11.1-64.14",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "165076F2-014F-46F9-A1AB-2256D935A21B",
                     versionEndExcluding: "12.0-63.21",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6AE49E6-A6B9-4E2B-9AFB-7F1808D052F6",
                     versionEndExcluding: "12.1-57.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "03868D24-B1C0-4245-AE28-0960CF2816C1",
                     versionEndExcluding: "13.0-58.30",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA7AAC01-A7CB-48F4-A25D-4A29479CD0DA",
                     versionEndExcluding: "10.5-70.18",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "61C33096-91FD-4387-8B90-C8981DB7F926",
                     versionEndExcluding: "11.1-64.14",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7605821F-21B0-4F9D-AAD1-F901CED00585",
                     versionEndExcluding: "12.0-63.21",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA8946F-75C2-4515-9EBE-E1884B35ECF1",
                     versionEndExcluding: "12.1-57.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6D0CC10-FE91-40E4-BFFD-11BE41DD4269",
                     versionEndExcluding: "13.0-58.30",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7DF63BB-CCE6-4405-8E6D-6DF1BC975D3D",
                     versionEndExcluding: "10.2.7",
                     versionStartIncluding: "10.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D1A5E7D-C3A7-48B8-BD6D-5973F8361DEC",
                     versionEndExcluding: "11.0.3d",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0471F1F0-F804-47BA-98A1-7080E1C740E7",
                     versionEndExcluding: "11.1.1a",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "25C848BC-98F7-41D4-A262-8B7EB304F4C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3979EFF-AE6E-4274-97E2-58C7E01C920E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C87AF39E-6BCF-4188-BAB1-A5CBDEBF662E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "38514675-1C15-460C-B34C-2633A8A36A78",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.",
      },
      {
         lang: "es",
         value: "Un control de acceso inapropiado en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, resulta en una divulgación de información limitada para usuarios poco privilegiados",
      },
   ],
   id: "CVE-2020-8196",
   lastModified: "2024-11-21T05:38:28.883",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-07-10T16:15:12.407",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
      },
      {
         source: "support@hackerone.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "support@hackerone.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Summary
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.



{
   cisaActionDue: "2022-05-03",
   cisaExploitAdd: "2021-11-03",
   cisaRequiredAction: "Apply updates per vendor instructions.",
   cisaVulnerabilityName: "Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC8327D0-8B64-44AF-A230-AAE32F3526CF",
                     versionEndExcluding: "10.5-70.18",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4807513-1157-4CE3-8998-9C5EB9BBDA3E",
                     versionEndExcluding: "11.1-64.14",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "165076F2-014F-46F9-A1AB-2256D935A21B",
                     versionEndExcluding: "12.0-63.21",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6AE49E6-A6B9-4E2B-9AFB-7F1808D052F6",
                     versionEndExcluding: "12.1-57.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "03868D24-B1C0-4245-AE28-0960CF2816C1",
                     versionEndExcluding: "13.0-58.30",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA7AAC01-A7CB-48F4-A25D-4A29479CD0DA",
                     versionEndExcluding: "10.5-70.18",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "61C33096-91FD-4387-8B90-C8981DB7F926",
                     versionEndExcluding: "11.1-64.14",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7605821F-21B0-4F9D-AAD1-F901CED00585",
                     versionEndExcluding: "12.0-63.21",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA8946F-75C2-4515-9EBE-E1884B35ECF1",
                     versionEndExcluding: "12.1-57.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6D0CC10-FE91-40E4-BFFD-11BE41DD4269",
                     versionEndExcluding: "13.0-58.30",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7DF63BB-CCE6-4405-8E6D-6DF1BC975D3D",
                     versionEndExcluding: "10.2.7",
                     versionStartIncluding: "10.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D1A5E7D-C3A7-48B8-BD6D-5973F8361DEC",
                     versionEndExcluding: "11.0.3d",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0471F1F0-F804-47BA-98A1-7080E1C740E7",
                     versionEndExcluding: "11.1.1a",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "25C848BC-98F7-41D4-A262-8B7EB304F4C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3979EFF-AE6E-4274-97E2-58C7E01C920E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C87AF39E-6BCF-4188-BAB1-A5CBDEBF662E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "38514675-1C15-460C-B34C-2633A8A36A78",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.",
      },
      {
         lang: "es",
         value: "Un control de acceso inapropiado en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, permite un acceso no autenticado a determinados endpoints de URL",
      },
   ],
   id: "CVE-2020-8193",
   lastModified: "2024-11-21T05:38:28.530",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.5,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-07-10T16:15:12.157",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
      },
      {
         source: "support@hackerone.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "support@hackerone.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:11
Summary
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8C7525B-2A2D-43AF-8DA0-11FF28322337",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB678AF5-12B4-41D0-A381-46EE277313B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "123D42E1-3CDD-4D46-82F6-8982DE716F7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFCE3458-6750-4773-BA18-CAA67A6093D4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2C6F82C-9969-4A6E-88C8-AB8BB0AAD3C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9F3ED0E-7F3D-477B-B645-77DA5FC7F502",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.",
      },
      {
         lang: "es",
         value: "NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y 12.0 permiten que atacantes remotos obtengan privilegios en el sistema objetivo.",
      },
   ],
   id: "CVE-2018-6809",
   lastModified: "2024-11-21T04:11:14.047",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-03-06T20:29:01.127",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040440",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX232161",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040440",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX232161",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Summary
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC8327D0-8B64-44AF-A230-AAE32F3526CF",
                     versionEndExcluding: "10.5-70.18",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4807513-1157-4CE3-8998-9C5EB9BBDA3E",
                     versionEndExcluding: "11.1-64.14",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "165076F2-014F-46F9-A1AB-2256D935A21B",
                     versionEndExcluding: "12.0-63.21",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6AE49E6-A6B9-4E2B-9AFB-7F1808D052F6",
                     versionEndExcluding: "12.1-57.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "03868D24-B1C0-4245-AE28-0960CF2816C1",
                     versionEndExcluding: "13.0-58.30",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA7AAC01-A7CB-48F4-A25D-4A29479CD0DA",
                     versionEndExcluding: "10.5-70.18",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "61C33096-91FD-4387-8B90-C8981DB7F926",
                     versionEndExcluding: "11.1-64.14",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7605821F-21B0-4F9D-AAD1-F901CED00585",
                     versionEndExcluding: "12.0-63.21",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA8946F-75C2-4515-9EBE-E1884B35ECF1",
                     versionEndExcluding: "12.1-57.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6D0CC10-FE91-40E4-BFFD-11BE41DD4269",
                     versionEndExcluding: "13.0-58.30",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7DF63BB-CCE6-4405-8E6D-6DF1BC975D3D",
                     versionEndExcluding: "10.2.7",
                     versionStartIncluding: "10.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D1A5E7D-C3A7-48B8-BD6D-5973F8361DEC",
                     versionEndExcluding: "11.0.3d",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0471F1F0-F804-47BA-98A1-7080E1C740E7",
                     versionEndExcluding: "11.1.1a",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "25C848BC-98F7-41D4-A262-8B7EB304F4C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3979EFF-AE6E-4274-97E2-58C7E01C920E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C87AF39E-6BCF-4188-BAB1-A5CBDEBF662E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "38514675-1C15-460C-B34C-2633A8A36A78",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).",
      },
      {
         lang: "es",
         value: "Una comprobación de entrada inapropiada en versiones de Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, permite un ataque de tipo Cross Site Scripting (XSS) reflejado",
      },
   ],
   id: "CVE-2020-8191",
   lastModified: "2024-11-21T05:38:28.313",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-07-10T16:15:12.077",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "support@hackerone.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Summary
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC8327D0-8B64-44AF-A230-AAE32F3526CF",
                     versionEndExcluding: "10.5-70.18",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4807513-1157-4CE3-8998-9C5EB9BBDA3E",
                     versionEndExcluding: "11.1-64.14",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "165076F2-014F-46F9-A1AB-2256D935A21B",
                     versionEndExcluding: "12.0-63.21",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6AE49E6-A6B9-4E2B-9AFB-7F1808D052F6",
                     versionEndExcluding: "12.1-57.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "03868D24-B1C0-4245-AE28-0960CF2816C1",
                     versionEndExcluding: "13.0-58.30",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA7AAC01-A7CB-48F4-A25D-4A29479CD0DA",
                     versionEndExcluding: "10.5-70.18",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "61C33096-91FD-4387-8B90-C8981DB7F926",
                     versionEndExcluding: "11.1-64.14",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7605821F-21B0-4F9D-AAD1-F901CED00585",
                     versionEndExcluding: "12.0-63.21",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA8946F-75C2-4515-9EBE-E1884B35ECF1",
                     versionEndExcluding: "12.1-57.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6D0CC10-FE91-40E4-BFFD-11BE41DD4269",
                     versionEndExcluding: "13.0-58.30",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7DF63BB-CCE6-4405-8E6D-6DF1BC975D3D",
                     versionEndExcluding: "10.2.7",
                     versionStartIncluding: "10.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D1A5E7D-C3A7-48B8-BD6D-5973F8361DEC",
                     versionEndExcluding: "11.0.3d",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0471F1F0-F804-47BA-98A1-7080E1C740E7",
                     versionEndExcluding: "11.1.1a",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "25C848BC-98F7-41D4-A262-8B7EB304F4C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3979EFF-AE6E-4274-97E2-58C7E01C920E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C87AF39E-6BCF-4188-BAB1-A5CBDEBF662E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "38514675-1C15-460C-B34C-2633A8A36A78",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.",
      },
      {
         lang: "es",
         value: "Una inyección de código reflejado en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, permite la modificación de una descarga de archivo",
      },
   ],
   id: "CVE-2020-8194",
   lastModified: "2024-11-21T05:38:28.647",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-07-10T16:15:12.247",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "support@hackerone.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-10-10 14:15
Modified
2024-11-21 08:36
Summary
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.



{
   cisaActionDue: "2023-11-08",
   cisaExploitAdd: "2023-10-18",
   cisaRequiredAction: "Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.",
   cisaVulnerabilityName: "Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                     matchCriteriaId: "492BEB4B-7A4B-47C2-93D1-2B0683AA3A20",
                     versionEndExcluding: "12.1-55.300",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
                     matchCriteriaId: "81EF12C2-4197-4C0D-BE11-556F05DAD646",
                     versionEndExcluding: "12.1-55.300",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "9EEC53B2-686A-4C6F-98DE-5D6AE804B0A8",
                     versionEndExcluding: "13.0-92.19",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                     matchCriteriaId: "109301A8-9ADD-4A49-9C45-D21A4DA840E9",
                     versionEndExcluding: "13.1-37.164",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "5C1739C5-48C1-46BC-A524-B4CC4C5B6436",
                     versionEndExcluding: "13.1-49.15",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "9148C36D-98B4-4166-8B9A-449EA86BA4B1",
                     versionEndExcluding: "14.1-8.50",
                     versionStartIncluding: "14.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FB1412D-F8D8-4592-A8A9-C1B841B93D5E",
                     versionEndExcluding: "13.0-92.19",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "28A08B32-D145-499F-866E-BEEEDEBB2901",
                     versionEndExcluding: "13.1-49.15",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4F1610E6-FE48-4339-8E74-765E0517E33D",
                     versionEndExcluding: "14.1-8.50",
                     versionStartIncluding: "14.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server. \n\n\n\n",
      },
      {
         lang: "es",
         value: "Divulgación de información confidencial en NetScaler ADC y NetScaler Gateway cuando se configura como Gateway (servidor virtual VPN, ICA Proxy, CVPN, RDP Proxy) o servidor \"virtual\" AAA.",
      },
   ],
   id: "CVE-2023-4966",
   lastModified: "2024-11-21T08:36:21.617",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 9.4,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.5,
            source: "secure@citrix.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-10T14:15:10.977",
   references: [
      {
         source: "secure@citrix.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html",
      },
      {
         source: "secure@citrix.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX579459",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX579459",
      },
   ],
   sourceIdentifier: "secure@citrix.com",
   vulnStatus: "Undergoing Analysis",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "secure@citrix.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-19 18:15
Modified
2024-11-21 08:17
Summary
Unauthenticated remote code execution in Citrix NetScaler ADC and NetScaler Gateway (CVE-2023-3519).



{
   cisaActionDue: "2023-08-09",
   cisaExploitAdd: "2023-07-19",
   cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
   cisaVulnerabilityName: "Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                     matchCriteriaId: "8927B2FA-F87E-4D81-AC29-9032184ECB7E",
                     versionEndExcluding: "12.1-55.297",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
                     matchCriteriaId: "9845E7B1-5604-497D-8241-048E91987C13",
                     versionEndExcluding: "12.1-55.297",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "AD949674-8DC1-4B0D-8C0C-F593539E12F1",
                     versionEndExcluding: "13.0-91.13",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                     matchCriteriaId: "BD0739E3-F7A4-463C-96B0-9D7BDBF218C4",
                     versionEndExcluding: "13.1-37.159",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "FCEED8AC-F9A9-4F75-BB32-F53967A8E9A0",
                     versionEndExcluding: "13.1-49.13",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1-65.22:*:*:*:fips:*:*:*",
                     matchCriteriaId: "102C0D0F-AC37-43B0-8B9A-103B37436130",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC825A83-8D84-42C7-868F-0470FF79D497",
                     versionEndExcluding: "13.0-91.13",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "442F6925-199D-4E5B-84C1-05C4D8108B62",
                     versionEndExcluding: "13.1-49.13",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unauthenticated remote code execution\n",
      },
   ],
   id: "CVE-2023-3519",
   lastModified: "2024-11-21T08:17:26.603",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "secure@citrix.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-19T18:15:11.513",
   references: [
      {
         source: "secure@citrix.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html",
      },
      {
         source: "secure@citrix.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467",
      },
   ],
   sourceIdentifier: "secure@citrix.com",
   vulnStatus: "Undergoing Analysis",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "secure@citrix.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-17 20:15
Modified
2024-11-21 08:44
Summary
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an authenticated, low-privileged attacker with access to an NSIP, CLIP or SNIP that has management interface access to perform remote code execution on the management interface.



{
   cisaActionDue: "2024-01-24",
   cisaExploitAdd: "2024-01-17",
   cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
   cisaVulnerabilityName: "Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                     matchCriteriaId: "E5672003-8E6B-4316-B5C9-FE436080ADD1",
                     versionEndExcluding: "12.1-55.302",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
                     matchCriteriaId: "D1A11ABD-4F45-4BA9-B30B-F1D8A612CC15",
                     versionEndExcluding: "12.1-55.302",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "FC0A5AAC-62DD-416A-A801-A7A95D5EF73C",
                     versionEndExcluding: "13.0-92.21",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                     matchCriteriaId: "8C8A6B95-8338-4EE7-A6EC-7D84AEDC4AF3",
                     versionEndExcluding: "13.1-37.176",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "3CF77D9D-FC89-493D-B97D-F9699D182F54",
                     versionEndExcluding: "13.1-51.15",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "62CD82CF-9013-4E54-B175-19B804A351AA",
                     versionEndExcluding: "14.1-12.35",
                     versionStartIncluding: "14.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "68E1F810-ABCD-40A7-A8C1-4E8727799C7C",
                     versionEndExcluding: "13.0-92.21",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E870C309-D5CD-4181-9DEB-4833DE2EAEB7",
                     versionEndExcluding: "13.1-51.15",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2836707F-A36F-479E-BFDC-CF55AEFC37EE",
                     versionEndExcluding: "14.1-12.35",
                     versionStartIncluding: "14.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.",
      },
      {
         lang: "es",
         value: "El control inadecuado de la generación de código (\"inyección de código\") en NetScaler ADC y NetScaler Gateway permite a un atacante con acceso a NSIP, CLIP o SNIP con interfaz de administración realizar una ejecución remota de código autenticado (con privilegios bajos) en Management Interface.",
      },
   ],
   id: "CVE-2023-6548",
   lastModified: "2024-11-21T08:44:04.570",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 3.4,
            source: "secure@citrix.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-17T20:15:50.627",
   references: [
      {
         source: "secure@citrix.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549",
      },
   ],
   sourceIdentifier: "secure@citrix.com",
   vulnStatus: "Undergoing Analysis",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "secure@citrix.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:11
Summary
Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2C6F82C-9969-4A6E-88C8-AB8BB0AAD3C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9F3ED0E-7F3D-477B-B645-77DA5FC7F502",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8C7525B-2A2D-43AF-8DA0-11FF28322337",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB678AF5-12B4-41D0-A381-46EE277313B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "123D42E1-3CDD-4D46-82F6-8982DE716F7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFCE3458-6750-4773-BA18-CAA67A6093D4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y 12.0 permite que atacantes remotos salten el directorio en el sistema objetivo mediante una petición manipulada.",
      },
   ],
   id: "CVE-2018-6810",
   lastModified: "2024-11-21T04:11:14.190",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-03-06T20:29:01.203",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040440",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX232161",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040440",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX232161",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Summary
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 results in Stored Cross-Site Scripting (XSS).



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC8327D0-8B64-44AF-A230-AAE32F3526CF",
                     versionEndExcluding: "10.5-70.18",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4807513-1157-4CE3-8998-9C5EB9BBDA3E",
                     versionEndExcluding: "11.1-64.14",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "165076F2-014F-46F9-A1AB-2256D935A21B",
                     versionEndExcluding: "12.0-63.21",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6AE49E6-A6B9-4E2B-9AFB-7F1808D052F6",
                     versionEndExcluding: "12.1-57.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "03868D24-B1C0-4245-AE28-0960CF2816C1",
                     versionEndExcluding: "13.0-58.30",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA7AAC01-A7CB-48F4-A25D-4A29479CD0DA",
                     versionEndExcluding: "10.5-70.18",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "61C33096-91FD-4387-8B90-C8981DB7F926",
                     versionEndExcluding: "11.1-64.14",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7605821F-21B0-4F9D-AAD1-F901CED00585",
                     versionEndExcluding: "12.0-63.21",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA8946F-75C2-4515-9EBE-E1884B35ECF1",
                     versionEndExcluding: "12.1-57.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6D0CC10-FE91-40E4-BFFD-11BE41DD4269",
                     versionEndExcluding: "13.0-58.30",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7DF63BB-CCE6-4405-8E6D-6DF1BC975D3D",
                     versionEndExcluding: "10.2.7",
                     versionStartIncluding: "10.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D1A5E7D-C3A7-48B8-BD6D-5973F8361DEC",
                     versionEndExcluding: "11.0.3d",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0471F1F0-F804-47BA-98A1-7080E1C740E7",
                     versionEndExcluding: "11.1.1a",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "25C848BC-98F7-41D4-A262-8B7EB304F4C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3979EFF-AE6E-4274-97E2-58C7E01C920E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C87AF39E-6BCF-4188-BAB1-A5CBDEBF662E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "38514675-1C15-460C-B34C-2633A8A36A78",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).",
      },
      {
         lang: "es",
         value: "Una comprobación de entrada inapropiada en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, resulta en una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado",
      },
   ],
   id: "CVE-2020-8198",
   lastModified: "2024-11-21T05:38:29.103",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-07-10T16:15:12.560",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "support@hackerone.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-09-18 21:15
Modified
2024-11-21 05:38
Summary
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD2A238E-72C4-4D74-B902-2EE8E602AAC1",
                     versionEndExcluding: "11.1-65.12",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C991579-B6B8-4F07-9AF9-739452F1F5AA",
                     versionEndExcluding: "12.1-58.15",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED09F4AE-DCC6-4C7D-BFA1-D22E16893C97",
                     versionEndExcluding: "13.0-64.35",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F98105E-37A4-46F4-BA82-A8E95372A370",
                     versionEndExcluding: "11.1-65.12",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "178C6CA9-0068-4225-A209-E13A880ED188",
                     versionEndExcluding: "13.0-64.35",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFAC08D1-1FE8-4910-9D50-F167537C7C91",
                     versionEndExcluding: "12.1-58.15",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D76AEFBD-225E-45D3-B604-CAF0032BA861",
                     versionEndExcluding: "10.2.7b",
                     versionStartIncluding: "10.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7296BF8E-186C-4279-AF08-C3D1282322F0",
                     versionEndExcluding: "11.0.3f",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "92806100-D243-43CC-ACA7-DF9E95E2740D",
                     versionEndExcluding: "11.1.2a",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FB67ED6-6586-4280-A521-E1EDA81C68BE",
                     versionEndExcluding: "11.2.1a",
                     versionStartIncluding: "11.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:sd-wan_wanop:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "10F0ACFD-9D48-43F6-A45C-D5F0313BB952",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.",
      },
      {
         lang: "es",
         value: "Citrix ADC y Citrix Gateway versiones 13.0 anteriores a 13.0-64.35, Citrix ADC y NetScaler Gateway versiones 12.1 anteriores a 12.1-58.15, Citrix ADC versiones 12.1-FIPS anteriores a 12.1-55.187, Citrix ADC y NetScaler Gateway versión 12.0, Citrix ADC y NetScaler Gateway versiones 11.1 anteriores a 11.1-65.12, Citrix SD-WAN WANOP versiones 11.2 anteriores a 11.2.1a, Citrix SD-WAN WANOP versiones 11.1 anteriores a 11.1.2a, Citrix SD-WAN WANOP versiones 11.0 anteriores a 11.0.3f, Citrix SD-WAN WANOP versiones 10.2 anteriores a 10.2.7b, son vulnerables a una escalada de privilegios en la interfaz de administración",
      },
   ],
   id: "CVE-2020-8247",
   lastModified: "2024-11-21T05:38:35.100",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-09-18T21:15:13.327",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX281474",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX281474",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "support@hackerone.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-08-05 21:15
Modified
2024-11-21 05:50
Summary
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "92AEAC43-113D-456B-89C0-1872A67224AC",
                     versionEndExcluding: "11.1-65.22",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "40FC22F7-EA37-48D7-822D-B66EE2B25FE2",
                     versionEndExcluding: "12.1-62.27",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1035921-397B-4E88-AF1A-DF581B75B4B2",
                     versionEndExcluding: "13.0-82.45",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8BEBCAD2-581F-4217-8425-46C03584E673",
                     versionEndExcluding: "12.1-55.238",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14030_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCB11BC1-0702-436F-BFE2-14B38B118D99",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14060_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8569B182-D0A7-414B-B0A3-4DD2FAB44F69",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14080_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABB9B3E9-EED4-4D74-BE4C-DFAFAB1F0994",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15030-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F60729DF-EDC8-4462-ABD2-6E4199F22701",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15040-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B789F02A-56CB-4871-9D9D-FAB0F31A72A1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15060-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "06699186-E7E4-463C-8844-77B2A750B985",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15080-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F00DBEBF-29BE-4D6A-BF79-19208AAB0D7F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15100-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "848169A6-CAD7-4E14-BC5D-B2E94DC93CCB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15120-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C69709C-885A-4F19-899D-A7B5CE7066EF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_8905_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B2136C1-8AB6-4C70-87F4-1F8A93A876C9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_8910_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "492323D2-339D-404C-BB9B-E09ABB87FA2B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_8920_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB83185D-DD6F-47CD-B500-499F9EF65093",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4564E909-7F8E-40DF-B941-FFACC03B97B7",
                     versionEndExcluding: "12.1-62.27",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB5357D6-4995-4966-8B63-11E636AD58BC",
                     versionEndExcluding: "13.0-82.45",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE3B890B-5A0E-4B5A-A9E1-0C6DDF9524E6",
                     versionEndExcluding: "11.1-65.22",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9B222CD-3235-4153-97B0-D8F6FF1FB7BE",
                     versionEndExcluding: "10.2.9.b",
                     versionStartIncluding: "10.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "22226FCE-A3D3-4FAB-909A-7922AAC3035A",
                     versionEndExcluding: "11.2.3.b",
                     versionStartIncluding: "11.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0A54438-E0DA-4134-87FE-D7BFE30A3BAA",
                     versionEndExcluding: "11.3.2.a",
                     versionStartIncluding: "11.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB0A1FE7-9F5D-476E-A3E0-2B6260DE0366",
                     versionEndExcluding: "11.4.0.a",
                     versionStartIncluding: "11.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "25C848BC-98F7-41D4-A262-8B7EB304F4C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3979EFF-AE6E-4274-97E2-58C7E01C920E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C87AF39E-6BCF-4188-BAB1-A5CBDEBF662E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "38514675-1C15-460C-B34C-2633A8A36A78",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.",
      },
      {
         lang: "es",
         value: "Se ha detectado una vulnerabilidad en Citrix ADC (conocido anteriormente como NetScaler ADC) y Citrix Gateway (conocido anteriormente como NetScaler Gateway), y en los modelos 4000-WO, 4100-WO, 5000-WO y 5100-WO de Citrix SD-WAN WANOP Edition. Estas vulnerabilidades, si son explotadas, podrían conllevar al consumo total del limitado espacio de disco disponible en los dispositivos",
      },
   ],
   id: "CVE-2021-22919",
   lastModified: "2024-11-21T05:50:54.897",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-08-05T21:15:10.997",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX319135",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX319135",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-770",
            },
         ],
         source: "support@hackerone.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-770",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-21 18:15
Modified
2024-11-21 04:32
Summary
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "D56F2AAF-4658-484C-9A3A-D8A52BA5B10C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9E655-0D97-4DCF-AC2F-79DCD12770E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "49454F7D-77B5-46DF-B95C-312AF2E68EAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "201246D4-1E22-4F28-9683-D6A9FD0F7A6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:13.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3A50966-5554-4919-B6CE-BD8F6FF991D8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9F3ED0E-7F3D-477B-B645-77DA5FC7F502",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "58349F8E-3177-413A-9CBE-BB454DCD31E4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:gateway_firmware:13.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A80EAFB1-82DA-49BE-815D-D248624B442C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.",
      },
      {
         lang: "es",
         value: "Se detectó un problema en Citrix Application Delivery Controller (ADC) y Gateway versiones anteriores a 10.5 build 70.8, versiones 11.x anteriores a 11.1 build 63.9, versión 12.0 anterior a build 62.10, versión 12.1 anterior a build 54.16 y versión 13.0 anterior a build 41.28. Un atacante con acceso a la interfaz de administración puede omitir la autenticación para obtener acceso administrativo del dispositivo. Estos productos anteriormente usaron la marca NetScaler.",
      },
   ],
   id: "CVE-2019-18225",
   lastModified: "2024-11-21T04:32:52.460",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-21T18:15:10.680",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX261055",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX261055",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-03-01 17:29
Modified
2024-11-21 04:08
Summary
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F5E9373-2929-445C-9111-763997337B8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4BF6327-71CB-4536-9C75-0A4FBDA0CE6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F80C2375-6C9C-4EAE-BA20-A09D9DC85CFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD9ED928-BD5A-466D-A7F0-531E2DC1ED11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C28575C-9D3E-4818-9CE8-97EBC993E4E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C4E17DA-D4EA-49A9-9AB1-FDCA5A830B59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_sd-wan:9.3.0:*:*:*:wan_optimization:*:*:*",
                     matchCriteriaId: "2C3A8744-6053-4678-B132-2BD6B0178C7F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección de comandos en Citrix NetScaler ADC y NetScaler Gateway en versiones 11.0 anteriores a la build 70.16, versiones 11.1 anteriores a la build 55.13 y las versiones 12.0 anteriores a la build 53.13; y la instancia NetScaler Load Balancing distribuida en NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 y 5100 WAN Optimization Edition 9.3.0 permite que atacantes remotos ejecuten un comando del sistema o lean archivos arbitrarios mediante un mensaje de inicio de sesión SSH.",
      },
   ],
   id: "CVE-2018-5314",
   lastModified: "2024-11-21T04:08:34.450",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-03-01T17:29:00.477",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/103186",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040439",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX232199",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/103186",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040439",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX232199",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Summary
Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC8327D0-8B64-44AF-A230-AAE32F3526CF",
                     versionEndExcluding: "10.5-70.18",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4807513-1157-4CE3-8998-9C5EB9BBDA3E",
                     versionEndExcluding: "11.1-64.14",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "165076F2-014F-46F9-A1AB-2256D935A21B",
                     versionEndExcluding: "12.0-63.21",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6AE49E6-A6B9-4E2B-9AFB-7F1808D052F6",
                     versionEndExcluding: "12.1-57.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "03868D24-B1C0-4245-AE28-0960CF2816C1",
                     versionEndExcluding: "13.0-58.30",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA7AAC01-A7CB-48F4-A25D-4A29479CD0DA",
                     versionEndExcluding: "10.5-70.18",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "61C33096-91FD-4387-8B90-C8981DB7F926",
                     versionEndExcluding: "11.1-64.14",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7605821F-21B0-4F9D-AAD1-F901CED00585",
                     versionEndExcluding: "12.0-63.21",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA8946F-75C2-4515-9EBE-E1884B35ECF1",
                     versionEndExcluding: "12.1-57.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6D0CC10-FE91-40E4-BFFD-11BE41DD4269",
                     versionEndExcluding: "13.0-58.30",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de escalada de privilegios en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18, permite a un usuario poco privilegiado con acceso de administración ejecutar comandos arbitrarios",
      },
   ],
   id: "CVE-2020-8197",
   lastModified: "2024-11-21T05:38:29.000",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-07-10T16:15:12.483",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-08-05 21:15
Modified
2024-11-21 05:50
Summary
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured as a SAML service provider that could allow an attacker to hijack a session.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "92AEAC43-113D-456B-89C0-1872A67224AC",
                     versionEndExcluding: "11.1-65.22",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "40FC22F7-EA37-48D7-822D-B66EE2B25FE2",
                     versionEndExcluding: "12.1-62.27",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1035921-397B-4E88-AF1A-DF581B75B4B2",
                     versionEndExcluding: "13.0-82.45",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8BEBCAD2-581F-4217-8425-46C03584E673",
                     versionEndExcluding: "12.1-55.238",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14030_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCB11BC1-0702-436F-BFE2-14B38B118D99",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14060_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8569B182-D0A7-414B-B0A3-4DD2FAB44F69",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14080_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABB9B3E9-EED4-4D74-BE4C-DFAFAB1F0994",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15030-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F60729DF-EDC8-4462-ABD2-6E4199F22701",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15040-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B789F02A-56CB-4871-9D9D-FAB0F31A72A1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15060-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "06699186-E7E4-463C-8844-77B2A750B985",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15080-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F00DBEBF-29BE-4D6A-BF79-19208AAB0D7F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15100-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "848169A6-CAD7-4E14-BC5D-B2E94DC93CCB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15120-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C69709C-885A-4F19-899D-A7B5CE7066EF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_8905_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B2136C1-8AB6-4C70-87F4-1F8A93A876C9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_8910_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "492323D2-339D-404C-BB9B-E09ABB87FA2B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_8920_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB83185D-DD6F-47CD-B500-499F9EF65093",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4564E909-7F8E-40DF-B941-FFACC03B97B7",
                     versionEndExcluding: "12.1-62.27",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB5357D6-4995-4966-8B63-11E636AD58BC",
                     versionEndExcluding: "13.0-82.45",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE3B890B-5A0E-4B5A-A9E1-0C6DDF9524E6",
                     versionEndExcluding: "11.1-65.22",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured as a SAML service provider that could allow an attacker to hijack a session.",
      },
      {
         lang: "es",
         value: "Se presenta una vulnerabilidad de fijación de sesión en Citrix ADC y Citrix Gateway versión 13.0-82.45, cuando es configurado el proveedor de servicios SAML que podría permitir a un atacante secuestrar una sesión",
      },
   ],
   id: "CVE-2021-22927",
   lastModified: "2024-11-21T05:50:56.220",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-08-05T21:15:11.643",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX319135",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX319135",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-384",
            },
         ],
         source: "support@hackerone.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-384",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-06-16 14:15
Modified
2024-11-21 05:38
Summary
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "003574BC-2C37-44D6-9F5E-E931F5ECE169",
                     versionEndExcluding: "12.1-62.23",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FAE6C6C5-2C85-484E-A61A-C17096C4D9F7",
                     versionEndExcluding: "13.0-82.41",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D77B2AD2-BAF1-4FD3-B7C5-88AC1B130971",
                     versionEndExcluding: "11.1-65.20",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E178AA28-B24F-4565-A314-1E58AAC54648",
                     versionEndExcluding: "11.1-65.20",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "024F407E-F369-4B9C-BC3C-5CB0FF613526",
                     versionEndExcluding: "12.1-62.23",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5675439-B8C6-4ABD-8D53-F2D9BB49F33D",
                     versionEndExcluding: "13.0-82.41",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8BEBCAD2-581F-4217-8425-46C03584E673",
                     versionEndExcluding: "12.1-55.238",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14030_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCB11BC1-0702-436F-BFE2-14B38B118D99",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14060_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8569B182-D0A7-414B-B0A3-4DD2FAB44F69",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14080_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABB9B3E9-EED4-4D74-BE4C-DFAFAB1F0994",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15030-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F60729DF-EDC8-4462-ABD2-6E4199F22701",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15040-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B789F02A-56CB-4871-9D9D-FAB0F31A72A1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15060-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "06699186-E7E4-463C-8844-77B2A750B985",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15080-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F00DBEBF-29BE-4D6A-BF79-19208AAB0D7F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15100-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "848169A6-CAD7-4E14-BC5D-B2E94DC93CCB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15120-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C69709C-885A-4F19-899D-A7B5CE7066EF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_8905_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B2136C1-8AB6-4C70-87F4-1F8A93A876C9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_8910_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "492323D2-339D-404C-BB9B-E09ABB87FA2B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_8920_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB83185D-DD6F-47CD-B500-499F9EF65093",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.",
      },
      {
         lang: "es",
         value: "Citrix ADC y Citrix/NetScaler Gateway versiones anteriores a 13.0-82.41, 12.1-62.23, 11.1-65.20 y Citrix ADC 12.1-FIPS versiones anteriores a 12.1-55.238, sufren de un control de acceso inapropiado que permite el secuestro de la autenticación SAML mediante un ataque de phishing para robar una sesión de usuario válida. Tome en cuenta que Citrix ADC o Citrix Gateway deben estar configurados como un SP SAML o un IdP SAML para que esto sea posible",
      },
   ],
   id: "CVE-2020-8300",
   lastModified: "2024-11-21T05:38:41.320",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-06-16T14:15:08.440",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX297155",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX297155",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "support@hackerone.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-19 19:15
Modified
2024-11-21 08:17
Summary
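Privilege escalation to root administrator (nsroot) in NetScaler ADC and NetScaler Gateway. Per the CVSS 3.1 vector in the record below (AV:A/AC:L/PR:L/UI:N), exploitation requires adjacent-network access and low privileges, and no user interaction.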



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                     matchCriteriaId: "8927B2FA-F87E-4D81-AC29-9032184ECB7E",
                     versionEndExcluding: "12.1-55.297",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
                     matchCriteriaId: "9845E7B1-5604-497D-8241-048E91987C13",
                     versionEndExcluding: "12.1-55.297",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "AD949674-8DC1-4B0D-8C0C-F593539E12F1",
                     versionEndExcluding: "13.0-91.13",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                     matchCriteriaId: "BD0739E3-F7A4-463C-96B0-9D7BDBF218C4",
                     versionEndExcluding: "13.1-37.159",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "FCEED8AC-F9A9-4F75-BB32-F53967A8E9A0",
                     versionEndExcluding: "13.1-49.13",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1-65.22:*:*:*:fips:*:*:*",
                     matchCriteriaId: "102C0D0F-AC37-43B0-8B9A-103B37436130",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC825A83-8D84-42C7-868F-0470FF79D497",
                     versionEndExcluding: "13.0-91.13",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "442F6925-199D-4E5B-84C1-05C4D8108B62",
                     versionEndExcluding: "13.1-49.13",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Privilege Escalation to root administrator (nsroot)\n",
      },
   ],
   id: "CVE-2023-3467",
   lastModified: "2024-11-21T08:17:19.920",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 5.9,
            source: "secure@citrix.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-19T19:15:12.110",
   references: [
      {
         source: "secure@citrix.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467",
      },
   ],
   sourceIdentifier: "secure@citrix.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "secure@citrix.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-09-18 21:15
Modified
2024-11-21 05:38
Summary
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD2A238E-72C4-4D74-B902-2EE8E602AAC1",
                     versionEndExcluding: "11.1-65.12",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C991579-B6B8-4F07-9AF9-739452F1F5AA",
                     versionEndExcluding: "12.1-58.15",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED09F4AE-DCC6-4C7D-BFA1-D22E16893C97",
                     versionEndExcluding: "13.0-64.35",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F98105E-37A4-46F4-BA82-A8E95372A370",
                     versionEndExcluding: "11.1-65.12",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "178C6CA9-0068-4225-A209-E13A880ED188",
                     versionEndExcluding: "13.0-64.35",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFAC08D1-1FE8-4910-9D50-F167537C7C91",
                     versionEndExcluding: "12.1-58.15",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D76AEFBD-225E-45D3-B604-CAF0032BA861",
                     versionEndExcluding: "10.2.7b",
                     versionStartIncluding: "10.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7296BF8E-186C-4279-AF08-C3D1282322F0",
                     versionEndExcluding: "11.0.3f",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "92806100-D243-43CC-ACA7-DF9E95E2740D",
                     versionEndExcluding: "11.1.2a",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FB67ED6-6586-4280-A521-E1EDA81C68BE",
                     versionEndExcluding: "11.2.1a",
                     versionStartIncluding: "11.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:sd-wan_wanop:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "10F0ACFD-9D48-43F6-A45C-D5F0313BB952",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.",
      },
      {
         lang: "es",
         value: "Citrix ADC y Citrix Gateway versiones 13.0 anteriores a 13.0-64.35, Citrix ADC y NetScaler Gateway versiones 12.1 anteriores a 12.1-58.15, Citrix ADC versiones 12.1-FIPS anteriores a 12.1-55.187, Citrix ADC y NetScaler Gateway versión 12.0, Citrix ADC y NetScaler Gateway versiones 11.1 anteriores a 11.1-65.12, Citrix SD-WAN WANOP versiones 11.2 anteriores a 11.2.1a, Citrix SD-WAN WANOP versiones 11.1 anteriores a 11.1.2a, Citrix SD-WAN WANOP versiones 11.0 anteriores a 11.0.3f, Citrix SD-WAN WANOP versiones 10.2 anteriores a 10.2.7b, son vulnerables a un ataque de denegación de servicio que se origina en la red de administración",
      },
   ],
   id: "CVE-2020-8246",
   lastModified: "2024-11-21T05:38:34.983",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-09-18T21:15:13.263",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX281474",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX281474",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "support@hackerone.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-05-22 16:29
Modified
2024-11-21 04:22
Summary
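A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23. The description does not state the impact; the NVD CVSS vectors in the record below score it as availability-only (C:N/I:N with A:P in v2 and A:H in v3.0), reachable over the network without authentication.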



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF749290-81B6-4772-A61A-699B6181791D",
                     versionEndExcluding: "10.5.70",
                     versionStartIncluding: "10.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B4EE820-252E-4137-8B35-842DAB2994F7",
                     versionEndExcluding: "11.1.59.10",
                     versionStartIncluding: "11.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BDB18E6-DBF6-42E7-A37A-70A96CB24CF8",
                     versionEndExcluding: "12.0.59.8",
                     versionStartIncluding: "12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "05C7D109-77A2-47A6-845D-6BCF946999ED",
                     versionEndExcluding: "12.1.49.23",
                     versionStartIncluding: "12.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF7D848E-A8E5-465F-9F23-A1B6F80D00D5",
                     versionEndExcluding: "10.5.70",
                     versionStartIncluding: "10.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5AF866E-4D80-40DE-9166-D1D8799D8754",
                     versionEndExcluding: "11.1.59.10",
                     versionStartIncluding: "11.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "70220C9E-7F3B-40CE-A8C5-D230803BFC02",
                     versionEndExcluding: "12.0.59.8",
                     versionStartIncluding: "12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "89196BF4-8CF9-4559-8CC4-9008D64C1C6F",
                     versionEndExcluding: "12.1.49.23",
                     versionStartIncluding: "12.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.",
      },
      {
         lang: "es",
         value: "Existe un desbordamiento de búfer en Citrix NetScaler Gateway versiones 10.5.x anteriores a 10.5.70.x, versiones 11.1.x anteriores a 11.1.59.10, versiones 12.0.x anteriores a 12.0.59.8 y versiones 12.1.x anteriores a 12.1.49.23, y en Citrix Application Delivery Controller versiones 10.5.x anteriores a 10.5.70.x, versiones 11.1.x anteriores a 11.1.59.10, versiones 12.0.x anteriores a 12.0.59.8 y versiones 12.1.x anteriores a 12.1.49.23.",
      },
   ],
   id: "CVE-2019-12044",
   lastModified: "2024-11-21T04:22:09.690",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-05-22T16:29:01.243",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX249976",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX249976",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-02-22 23:29
Modified
2024-11-21 04:46
Summary
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2C6F82C-9969-4A6E-88C8-AB8BB0AAD3C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9F3ED0E-7F3D-477B-B645-77DA5FC7F502",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "58349F8E-3177-413A-9CBE-BB454DCD31E4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8C7525B-2A2D-43AF-8DA0-11FF28322337",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB678AF5-12B4-41D0-A381-46EE277313B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "123D42E1-3CDD-4D46-82F6-8982DE716F7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFCE3458-6750-4773-BA18-CAA67A6093D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "28A1E3C0-5A62-4EAC-941C-DFAF0F277E5B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.",
      },
      {
         lang: "es",
         value: "Citrix NetScaler Gateway, en versiones 12.1 anteriores a la build 50.31, versiones 12.0 anteriores a la build 60.9, versiones 11.1 anteriores a la build 60.14, versiones 11.0 anteriores a la build 72.17 y en versiones 10.5 anteriores a la build 69.5, así como Application Delivery Controller (ADC), en versiones 12.1 anteriores a la build 50.31, versiones 12.0 anteriores a la build 60.9, versiones 11.1 anteriores a la build 60.14, versiones 11.0 anteriores a la build 72.17 y versiones 10.5 anteriores a la build 69.5 permiten que los atacantes remotos obtengan información sensible en texto plano debido a una vulnerabilidad \"TLS Padding Oracle\" cuando los conjuntos de cifrado basados en CBC están habilitados.",
      },
   ],
   id: "CVE-2019-6485",
   lastModified: "2024-11-21T04:46:31.910",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-02-22T23:29:00.283",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106783",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
            "Third Party Advisory",
         ],
         url: "https://github.com/RUB-NDS/TLS-Padding-Oracles",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mitigation",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX240139",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106783",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
            "Third Party Advisory",
         ],
         url: "https://github.com/RUB-NDS/TLS-Padding-Oracles",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX240139",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-327",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Summary
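Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 results in limited information disclosure to low privileged users. The NVD record below also carries CISA Known Exploited Vulnerabilities fields (added 2021-11-03, action due 2022-05-03) and lists CWE-22 as the NVD primary weakness alongside the reporter's CWE-20.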



{
   cisaActionDue: "2022-05-03",
   cisaExploitAdd: "2021-11-03",
   cisaRequiredAction: "Apply updates per vendor instructions.",
   cisaVulnerabilityName: "Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC8327D0-8B64-44AF-A230-AAE32F3526CF",
                     versionEndExcluding: "10.5-70.18",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4807513-1157-4CE3-8998-9C5EB9BBDA3E",
                     versionEndExcluding: "11.1-64.14",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "165076F2-014F-46F9-A1AB-2256D935A21B",
                     versionEndExcluding: "12.0-63.21",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6AE49E6-A6B9-4E2B-9AFB-7F1808D052F6",
                     versionEndExcluding: "12.1-57.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "03868D24-B1C0-4245-AE28-0960CF2816C1",
                     versionEndExcluding: "13.0-58.30",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA7AAC01-A7CB-48F4-A25D-4A29479CD0DA",
                     versionEndExcluding: "10.5-70.18",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "61C33096-91FD-4387-8B90-C8981DB7F926",
                     versionEndExcluding: "11.1-64.14",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7605821F-21B0-4F9D-AAD1-F901CED00585",
                     versionEndExcluding: "12.0-63.21",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA8946F-75C2-4515-9EBE-E1884B35ECF1",
                     versionEndExcluding: "12.1-57.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6D0CC10-FE91-40E4-BFFD-11BE41DD4269",
                     versionEndExcluding: "13.0-58.30",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7DF63BB-CCE6-4405-8E6D-6DF1BC975D3D",
                     versionEndExcluding: "10.2.7",
                     versionStartIncluding: "10.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D1A5E7D-C3A7-48B8-BD6D-5973F8361DEC",
                     versionEndExcluding: "11.0.3d",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0471F1F0-F804-47BA-98A1-7080E1C740E7",
                     versionEndExcluding: "11.1.1a",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:4000-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "25C848BC-98F7-41D4-A262-8B7EB304F4C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:4100-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3979EFF-AE6E-4274-97E2-58C7E01C920E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:5000-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C87AF39E-6BCF-4188-BAB1-A5CBDEBF662E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:5100-wo:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "38514675-1C15-460C-B34C-2633A8A36A78",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:gateway_plug-in_for_linux:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "25969217-EB50-466A-9F0F-5DEB1805B27D",
                     versionEndExcluding: "1.0.0.137",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.",
      },
      {
         lang: "es",
         value: "Una comprobación de entrada inapropiada en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, resulta en una divulgación de información limitada para usuarios poco privilegiados",
      },
   ],
   id: "CVE-2020-8195",
   lastModified: "2024-11-21T05:38:28.767",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-07-10T16:15:12.327",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
      },
      {
         source: "support@hackerone.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "support@hackerone.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-10-27 19:15
Modified
2024-11-21 08:36
Summary
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2409DF4E-68CB-4B8D-BA47-D68A3ABCBBF5",
                     versionEndExcluding: "13.0-92.19",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3343FD78-6DC8-40CC-A349-FB98654EEE97",
                     versionEndExcluding: "13.1-49.15",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46848B81-A561-47FC-A0C9-7C4A9E896F7E",
                     versionEndExcluding: "14.1-8.50",
                     versionStartIncluding: "14.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FB1412D-F8D8-4592-A8A9-C1B841B93D5E",
                     versionEndExcluding: "13.0-92.19",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "28A08B32-D145-499F-866E-BEEEDEBB2901",
                     versionEndExcluding: "13.1-49.15",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4F1610E6-FE48-4339-8E74-765E0517E33D",
                     versionEndExcluding: "14.1-8.50",
                     versionStartIncluding: "14.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                     matchCriteriaId: "ACB785DB-4EDF-4A7D-A6CE-B473E2598C15",
                     versionEndIncluding: "12.1-55.300",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
                     matchCriteriaId: "A2265F5D-6B66-4597-984E-1E479384A2CA",
                     versionEndIncluding: "12.1-55.300",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                     matchCriteriaId: "29C01D44-FAA8-48DF-8877-FA7F56FFE0A3",
                     versionEndIncluding: "13.1-37.164",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server",
      },
      {
         lang: "es",
         value: "Denegación de Servicio (DoS) en NetScaler ADC y NetScaler Gateway cuando se configura como Gateway (servidor virtual VPN, proxy ICA, CVPN, proxy RDP) o Servidor Virtual AAA",
      },
   ],
   id: "CVE-2023-4967",
   lastModified: "2024-11-21T08:36:21.797",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 4.2,
            source: "secure@citrix.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-27T19:15:41.620",
   references: [
      {
         source: "secure@citrix.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX579459/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX579459/",
      },
   ],
   sourceIdentifier: "secure@citrix.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "secure@citrix.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-02-17 15:59
Modified
2024-11-21 02:47
Summary
The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler:10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADF49FFA-B7D2-4BA0-A633-5CD58083F351",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "375EE327-CD32-4735-B896-08A50C1931D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler:10.5e:*:*:*:*:*:*:*",
                     matchCriteriaId: "93F54B1F-BD90-4152-94AA-C3EBC013F30C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "005FE189-80FF-406C-88E5-B9D9B0723779",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler:10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADF49FFA-B7D2-4BA0-A633-5CD58083F351",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "375EE327-CD32-4735-B896-08A50C1931D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler:10.5e:*:*:*:*:*:*:*",
                     matchCriteriaId: "93F54B1F-BD90-4152-94AA-C3EBC013F30C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "005FE189-80FF-406C-88E5-B9D9B0723779",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.",
      },
      {
         lang: "es",
         value: "La Administrative Web Interface en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 11.x en versiones anteriores a 11.0 Build 64.34, 10.5 en versiones anteriores a 10.5 Build 59.13, 10.5.e en versiones anteriores a Build 59.1305.e y 10.1 permite a atacantes remotos llevar a cabo ataques de secuestro de clic a través de vectores no especificados.",
      },
   ],
   id: "CVE-2016-2072",
   lastModified: "2024-11-21T02:47:45.027",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-02-17T15:59:05.750",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://support.citrix.com/article/CTX206001",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id/1035098",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://support.citrix.com/article/CTX206001",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1035098",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-254",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-04-13 14:59
Modified
2024-11-21 03:31
Summary
A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A254925E-AD47-4722-AAB2-43A6FEA900AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2C6F82C-9969-4A6E-88C8-AB8BB0AAD3C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de desbordamiento de montón en las versiones Citrix NetScaler Gateway 10.1 en versiones anteriores a 135.8/135.12, 10.5 en versiones anteriores a 65.11, 11.0 en versiones anteriores a 70.12 y 11.1 en versiones anteriores a 52.13 permite a un atacante remoto autenticado ejecutar comandos arbitrarios a través de vectores no especificados.",
      },
   ],
   id: "CVE-2017-7219",
   lastModified: "2024-11-21T03:31:23.933",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-04-13T14:59:01.900",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/97626",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id/1038283",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX222657",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/97626",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1038283",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX222657",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-02-17 15:59
Modified
2024-11-21 02:47
Severity ?
Summary
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "375EE327-CD32-4735-B896-08A50C1931D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler:10.5e:*:*:*:*:*:*:*",
                     matchCriteriaId: "93F54B1F-BD90-4152-94AA-C3EBC013F30C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "005FE189-80FF-406C-88E5-B9D9B0723779",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "375EE327-CD32-4735-B896-08A50C1931D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler:10.5e:*:*:*:*:*:*:*",
                     matchCriteriaId: "93F54B1F-BD90-4152-94AA-C3EBC013F30C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "005FE189-80FF-406C-88E5-B9D9B0723779",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.",
      },
      {
         lang: "es",
         value: "Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 11.x en versiones anteriores a 11.0 Build 64.34, 10.5 en versiones anteriores a 10.5 Build 59.13 y 10.5.e en versiones anteriores a Build 59.1305.e permite a atacantes remotos obtener privilegios a través de comandos NS Web GUI no especificados.",
      },
   ],
   id: "CVE-2016-2071",
   lastModified: "2024-11-21T02:47:44.883",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: true,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-02-17T15:59:04.767",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://support.citrix.com/article/CTX206001",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id/1035098",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://support.citrix.com/article/CTX206001",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1035098",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-09-18 21:15
Modified
2024-11-21 05:38
Summary
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD2A238E-72C4-4D74-B902-2EE8E602AAC1",
                     versionEndExcluding: "11.1-65.12",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C991579-B6B8-4F07-9AF9-739452F1F5AA",
                     versionEndExcluding: "12.1-58.15",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED09F4AE-DCC6-4C7D-BFA1-D22E16893C97",
                     versionEndExcluding: "13.0-64.35",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F98105E-37A4-46F4-BA82-A8E95372A370",
                     versionEndExcluding: "11.1-65.12",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "178C6CA9-0068-4225-A209-E13A880ED188",
                     versionEndExcluding: "13.0-64.35",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFAC08D1-1FE8-4910-9D50-F167537C7C91",
                     versionEndExcluding: "12.1-58.15",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.",
      },
      {
         lang: "es",
         value: "Una Comprobación de Entrada inapropiada en Citrix ADC y Citrix Gateway versiones 13.0 anteriores a 13.0-64.35, Citrix ADC y NetScaler Gateway versiones 12.1 anteriores a 12.1-58.15, Citrix ADC versiones 12.1-FIPS anteriores a 12.1-55.187, Citrix ADC y NetScaler Gateway versión 12.0, Citrix ADC y NetScaler Gateway 11.1 antes 11.1-65.12, Citrix SD-WAN WANOP versiones 11.2 anteriores a 11.2.1a, Citrix SD-WAN WANOP versiones 11.1 anteriores a 11.1.2a, Citrix SD-WAN WANOP versiones 11.0 anteriores a 11.0.3f, Citrix SD-WAN WANOP versiones 10.2 anteriores a 10.2.7b, conlleva a un ataque de Inyección HTML contra el portal web SSL VPN",
      },
   ],
   id: "CVE-2020-8245",
   lastModified: "2024-11-21T05:38:34.877",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-09-18T21:15:13.170",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX281474",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX281474",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "support@hackerone.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-19 19:15
Modified
2024-11-21 08:17
Summary
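Reflected Cross-Site Scripting (XSS) in Citrix NetScaler ADC and NetScaler Gateway; the affected version ranges are listed in the cpeMatch entries of the record below. The record carries two CVSS v3.1 assessments: 8.3 (HIGH) from secure@citrix.com and 6.1 (MEDIUM) from nvd@nist.gov.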



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                     matchCriteriaId: "8927B2FA-F87E-4D81-AC29-9032184ECB7E",
                     versionEndExcluding: "12.1-55.297",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
                     matchCriteriaId: "9845E7B1-5604-497D-8241-048E91987C13",
                     versionEndExcluding: "12.1-55.297",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "AD949674-8DC1-4B0D-8C0C-F593539E12F1",
                     versionEndExcluding: "13.0-91.13",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                     matchCriteriaId: "BD0739E3-F7A4-463C-96B0-9D7BDBF218C4",
                     versionEndExcluding: "13.1-37.159",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "FCEED8AC-F9A9-4F75-BB32-F53967A8E9A0",
                     versionEndExcluding: "13.1-49.13",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1-65.22:*:*:*:fips:*:*:*",
                     matchCriteriaId: "102C0D0F-AC37-43B0-8B9A-103B37436130",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC825A83-8D84-42C7-868F-0470FF79D497",
                     versionEndExcluding: "13.0-91.13",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "442F6925-199D-4E5B-84C1-05C4D8108B62",
                     versionEndExcluding: "13.1-49.13",
                     versionStartIncluding: "13.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Reflected Cross-Site Scripting (XSS)\n",
      },
   ],
   id: "CVE-2023-3466",
   lastModified: "2024-11-21T08:17:19.750",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.3,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 6,
            source: "secure@citrix.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-19T19:15:12.017",
   references: [
      {
         source: "secure@citrix.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467",
      },
   ],
   sourceIdentifier: "secure@citrix.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "secure@citrix.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-08-02 19:29
Modified
2024-11-21 02:29
Summary
The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_firmware:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "77E759CD-4DF3-4B30-ADFD-9E63F753DFC1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_firmware:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9CC7D1B6-5C2D-4407-A55C-78FE6B899B46",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_firmware:9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2391E6E2-5E57-4E35-8F2C-89813F999F1F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "61D94767-47A9-4516-BB4F-7800301214EB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "99708F67-F4F1-4651-88FB-97869B9704C0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.1e:*:*:*:*:*:*:*",
                     matchCriteriaId: "6ABD1DF6-BE2F-4A23-ACD4-C33CFF68CB36",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F108EA-A307-46FE-A093-5EF78182BC2A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.5e:*:*:*:*:*:*:*",
                     matchCriteriaId: "208B0DD8-6635-4201-B565-FDA647F9F2E3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_firmware:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "77E759CD-4DF3-4B30-ADFD-9E63F753DFC1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_firmware:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9CC7D1B6-5C2D-4407-A55C-78FE6B899B46",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_firmware:9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2391E6E2-5E57-4E35-8F2C-89813F999F1F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "61D94767-47A9-4516-BB4F-7800301214EB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "99708F67-F4F1-4651-88FB-97869B9704C0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.1e:*:*:*:*:*:*:*",
                     matchCriteriaId: "6ABD1DF6-BE2F-4A23-ACD4-C33CFF68CB36",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F108EA-A307-46FE-A093-5EF78182BC2A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_firmware:10.5e:*:*:*:*:*:*:*",
                     matchCriteriaId: "208B0DD8-6635-4201-B565-FDA647F9F2E3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).",
      },
      {
         lang: "es",
         value: "Las funcionalidades de procesamiento TLS y DTLS en dispositivos Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway con versiones de firmware 9.x anteriores a 9.3 Build 68.5, 10.0 hasta Build 78.6, 10.1 anterior a Build 130.13, 10.1.e anterior a Build 130.1302.e, 10.5 anterior a Build 55.8, y 10.5.e anterior a Build 55.8007.e hacen que sea más fácil que atacantes que realizan Man-in-the-middle obtengan datos en texto plano mediante un ataque padding-oracle, variante de CVE-2014-3566, también conocido como POODLE.",
      },
   ],
   id: "CVE-2015-3642",
   lastModified: "2024-11-21T02:29:33.240",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-08-02T19:29:00.477",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://support.citrix.com/article/CTX200378",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://support.citrix.com/article/CTX200378",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Summary
Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "906C3ABF-27C3-4ADD-9350-BDAA82994C34",
                     versionEndExcluding: "11.1-63.9",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "85149DE8-82B5-4105-BBA5-F69B45AB4411",
                     versionEndExcluding: "12.0-62.10",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "36CA9337-8219-4BAE-A050-5A56C3E60E32",
                     versionEndExcluding: "11.1-63.9",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "01DB94F6-D733-4A4E-9353-68D59C5CB5DC",
                     versionEndExcluding: "12.0-62.10",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.",
      },
      {
         lang: "es",
         value: "Una comprobación de entrada inapropiada en Citrix ADC y Citrix Gateway versiones anteriores a 11.1-63.9 y 12.0-62.10, permite a usuarios no autenticados llevar a cabo un ataque de denegación de servicio",
      },
   ],
   id: "CVE-2020-8187",
   lastModified: "2024-11-21T05:38:27.843",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-07-10T16:15:11.937",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "support@hackerone.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-06-16 14:15
Modified
2024-11-21 05:38
Summary
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "871316FC-14DC-41BE-971B-61FBE11D5ABF",
                     versionEndExcluding: "12.1-61.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FAA24333-CF47-45C2-81E3-C990095920D6",
                     versionEndExcluding: "13.0-76.29",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D77B2AD2-BAF1-4FD3-B7C5-88AC1B130971",
                     versionEndExcluding: "11.1-65.20",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E178AA28-B24F-4565-A314-1E58AAC54648",
                     versionEndExcluding: "11.1-65.20",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7AEBA65F-2FEA-45B2-9118-8781258BC28D",
                     versionEndExcluding: "12.1-61.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F78FBC6-84A1-4D99-8D70-BA5AF4B1F2BD",
                     versionEndExcluding: "13.0-76.29",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8BEBCAD2-581F-4217-8425-46C03584E673",
                     versionEndExcluding: "12.1-55.238",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14030_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCB11BC1-0702-436F-BFE2-14B38B118D99",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14060_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8569B182-D0A7-414B-B0A3-4DD2FAB44F69",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx\\/sdx_14080_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABB9B3E9-EED4-4D74-BE4C-DFAFAB1F0994",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15030-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F60729DF-EDC8-4462-ABD2-6E4199F22701",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15040-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B789F02A-56CB-4871-9D9D-FAB0F31A72A1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15060-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "06699186-E7E4-463C-8844-77B2A750B985",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15080-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F00DBEBF-29BE-4D6A-BF79-19208AAB0D7F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15100-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "848169A6-CAD7-4E14-BC5D-B2E94DC93CCB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_15120-50g_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C69709C-885A-4F19-899D-A7B5CE7066EF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_8905_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B2136C1-8AB6-4C70-87F4-1F8A93A876C9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_8910_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "492323D2-339D-404C-BB9B-E09ABB87FA2B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:citrix:mpx_8920_fips:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB83185D-DD6F-47CD-B500-499F9EF65093",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2E30C0C-32F2-4257-B946-600E3123A0D2",
                     versionEndExcluding: "10.2.9a",
                     versionStartIncluding: "10.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "469E2490-71B8-48FB-A032-08922C75339A",
                     versionEndExcluding: "11.1.2c",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "56A52140-F4AE-4616-91E7-FF941EA26343",
                     versionEndExcluding: "11.2.3a",
                     versionStartIncluding: "11.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:sd-wan_wanop:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "974341A5-6B06-4975-9406-CF41AB0E92F6",
                     versionEndExcluding: "11.3.2",
                     versionStartIncluding: "11.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.",
      },
      {
         lang: "es",
         value: "Citrix ADC y Citrix/NetScaler Gateway versiones 13.0 anteriores a 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC versiones 12.1-FIPS anteriores a 12.1-55.238, y Citrix SD-WAN WANOP Edition versiones anteriores a 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a, sufren un consumo no controlado de recursos mediante una denegación de servicio basada en la red desde el mismo segmento de red de capa 2. Tome en cuenta que el atacante debe estar en el mismo segmento de red de capa 2 que el dispositivo vulnerable",
      },
   ],
   id: "CVE-2020-8299",
   lastModified: "2024-11-21T05:38:41.210",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 3.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 6.5,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-06-16T14:15:08.107",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX297155",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX297155",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "support@hackerone.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-07-10 16:15
Modified
2024-11-21 05:38
Summary
Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC8327D0-8B64-44AF-A230-AAE32F3526CF",
                     versionEndExcluding: "10.5-70.18",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4807513-1157-4CE3-8998-9C5EB9BBDA3E",
                     versionEndExcluding: "11.1-64.14",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "165076F2-014F-46F9-A1AB-2256D935A21B",
                     versionEndExcluding: "12.0-63.21",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6AE49E6-A6B9-4E2B-9AFB-7F1808D052F6",
                     versionEndExcluding: "12.1-57.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "03868D24-B1C0-4245-AE28-0960CF2816C1",
                     versionEndExcluding: "13.0-58.30",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA7AAC01-A7CB-48F4-A25D-4A29479CD0DA",
                     versionEndExcluding: "10.5-70.18",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "61C33096-91FD-4387-8B90-C8981DB7F926",
                     versionEndExcluding: "11.1-64.14",
                     versionStartIncluding: "11.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7605821F-21B0-4F9D-AAD1-F901CED00585",
                     versionEndExcluding: "12.0-63.21",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FA8946F-75C2-4515-9EBE-E1884B35ECF1",
                     versionEndExcluding: "12.1-57.18",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:citrix:gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6D0CC10-FE91-40E4-BFFD-11BE41DD4269",
                     versionEndExcluding: "13.0-58.30",
                     versionStartIncluding: "13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EF98B43-71DB-4230-B7AC-76EC2B1F0533",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.",
      },
      {
         lang: "es",
         value: "Unos permisos de archivo incorrectos en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18, permiten una escalada de privilegios",
      },
   ],
   id: "CVE-2020-8190",
   lastModified: "2024-11-21T05:38:28.207",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-07-10T16:15:12.013",
   references: [
      {
         source: "support@hackerone.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.citrix.com/article/CTX276688",
      },
   ],
   sourceIdentifier: "support@hackerone.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-281",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}