cvelistv5 - cve-2019-12044

CVE-2019-12044 (GCVE-0-2019-12044)

Vulnerability from cvelistv5 – Published: 2019-05-22 15:29 – Updated: 2024-08-04 23:10

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://support.citrix.com/v1/search?searchQuery=…	x_refsource_MISC
	https://support.citrix.com/article/CTX249976	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:10:30.180Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX249976"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-22T15:29:28",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX249976"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12044",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin",
              "refsource": "MISC",
              "url": "https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin"
            },
            {
              "name": "https://support.citrix.com/article/CTX249976",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX249976"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12044",
    "datePublished": "2019-05-22T15:29:28",
    "dateReserved": "2019-05-13T00:00:00",
    "dateUpdated": "2024-08-04T23:10:30.180Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.5.0\", \"versionEndExcluding\": \"10.5.70\", \"matchCriteriaId\": \"BF749290-81B6-4772-A61A-699B6181791D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.1.0\", \"versionEndExcluding\": \"11.1.59.10\", \"matchCriteriaId\": \"0B4EE820-252E-4137-8B35-842DAB2994F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0.0\", \"versionEndExcluding\": \"12.0.59.8\", \"matchCriteriaId\": \"2BDB18E6-DBF6-42E7-A37A-70A96CB24CF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndExcluding\": \"12.1.49.23\", \"matchCriteriaId\": \"05C7D109-77A2-47A6-845D-6BCF946999ED\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEBB9B6A-1CAD-4D82-9B1E-939921986053\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.5.0\", \"versionEndExcluding\": \"10.5.70\", \"matchCriteriaId\": \"BF7D848E-A8E5-465F-9F23-A1B6F80D00D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.1.0\", \"versionEndExcluding\": \"11.1.59.10\", \"matchCriteriaId\": \"F5AF866E-4D80-40DE-9166-D1D8799D8754\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0.0\", \"versionEndExcluding\": \"12.0.59.8\", \"matchCriteriaId\": \"70220C9E-7F3B-40CE-A8C5-D230803BFC02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndExcluding\": \"12.1.49.23\", \"matchCriteriaId\": \"89196BF4-8CF9-4559-8CC4-9008D64C1C6F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.\"}, {\"lang\": \"es\", \"value\": \"Existe un desbordamiento de b\\u00fafer en Citrix NetScaler Gateway versiones 10.5.x, anteriores 10.5.70.x, versiones 11.1.x, anteriores 11.1.59.10, versiones 12.0.x ,anteriores 12.0.59.8, y versiones 12.1.x anterior 12.1.49.23 y Citrix Application Delivery Controller versiones 10.5.x, anterior 10.5.70.x, versi\\u00f3n 11.1.x anterior 11.1.59.10, versi\\u00f3n 12.0.x anterior 12.0.59.8,y versi\\u00f3n 12.1.x anterior 12.1.49.23.\"}]",
      "id": "CVE-2019-12044",
      "lastModified": "2024-11-21T04:22:09.690",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-05-22T16:29:01.243",
      "references": "[{\"url\": \"https://support.citrix.com/article/CTX249976\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.citrix.com/article/CTX249976\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-12044\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-05-22T16:29:01.243\",\"lastModified\":\"2024-11-21T04:22:09.690\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.\"},{\"lang\":\"es\",\"value\":\"Existe un desbordamiento de b\u00fafer en Citrix NetScaler Gateway versiones 10.5.x, anteriores 10.5.70.x, versiones 11.1.x, anteriores 11.1.59.10, versiones 12.0.x ,anteriores 12.0.59.8, y versiones 12.1.x anterior 12.1.49.23 y Citrix Application Delivery Controller versiones 10.5.x, anterior 10.5.70.x, versi\u00f3n 11.1.x anterior 11.1.59.10, versi\u00f3n 12.0.x anterior 12.0.59.8,y versi\u00f3n 12.1.x anterior 12.1.49.23.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.5.0\",\"versionEndExcluding\":\"10.5.70\",\"matchCriteriaId\":\"BF749290-81B6-4772-A61A-699B6181791D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1.0\",\"versionEndExcluding\":\"11.1.59.10\",\"matchCriteriaId\":\"0B4EE820-252E-4137-8B35-842DAB2994F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.0.59.8\",\"matchCriteriaId\":\"2BDB18E6-DBF6-42E7-A37A-70A96CB24CF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.49.23\",\"matchCriteriaId\":\"05C7D109-77A2-47A6-845D-6BCF946999ED\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEBB9B6A-1CAD-4D82-9B1E-939921986053\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.5.0\",\"versionEndExcluding\":\"10.5.70\",\"matchCriteriaId\":\"BF7D848E-A8E5-465F-9F23-A1B6F80D00D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1.0\",\"versionEndExcluding\":\"11.1.59.10\",\"matchCriteriaId\":\"F5AF866E-4D80-40DE-9166-D1D8799D8754\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.0.59.8\",\"matchCriteriaId\":\"70220C9E-7F3B-40CE-A8C5-D230803BFC02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.49.23\",\"matchCriteriaId\":\"89196BF4-8CF9-4559-8CC4-9008D64C1C6F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9\"}]}]}],\"references\":[{\"url\":\"https://support.citrix.com/article/CTX249976\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.citrix.com/article/CTX249976\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-4G6Q-2GHM-PR4W

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:43

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-12044"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-22T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.",
  "id": "GHSA-4g6q-2ghm-pr4w",
  "modified": "2024-04-04T00:43:45Z",
  "published": "2022-05-24T16:46:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12044"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX249976"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-12044

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-12044

Aliases

CVE-2019-12044

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-12044",
    "description": "A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.",
    "id": "GSD-2019-12044"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-12044"
      ],
      "details": "A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.",
      "id": "GSD-2019-12044",
      "modified": "2023-12-13T01:23:43.547319Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-12044",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin",
            "refsource": "MISC",
            "url": "https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin"
          },
          {
            "name": "https://support.citrix.com/article/CTX249976",
            "refsource": "CONFIRM",
            "url": "https://support.citrix.com/article/CTX249976"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.1.49.23",
                    "versionStartIncluding": "12.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.0.59.8",
                    "versionStartIncluding": "12.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.1.59.10",
                    "versionStartIncluding": "11.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.5.70",
                    "versionStartIncluding": "10.5.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.5.70",
                    "versionStartIncluding": "10.5.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.1.59.10",
                    "versionStartIncluding": "11.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.0.59.8",
                    "versionStartIncluding": "12.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.1.49.23",
                    "versionStartIncluding": "12.1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12044"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin"
            },
            {
              "name": "https://support.citrix.com/article/CTX249976",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://support.citrix.com/article/CTX249976"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-05-24T19:55Z",
      "publishedDate": "2019-05-22T16:29Z"
    }
  }
}

VAR-201905-0568

Vulnerability from variot - Updated: 2023-12-18 12:56

A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. The following versions of Citrix ADC and Citrix NetScaler Gateway are affected: 10.5.x prior to 10.5.70 11.1.x prior to 11.1.59.10 12.0.x prior to 12.0.59.8 12.1.x prior to 12.1.49.23. Citrix Systems NetScaler Gateway is a secure remote access solution. This solution provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location. The product has features such as application delivery control and load balancing. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0568",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "11.1.59.10"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "10.5.70"
      },
      {
        "model": "netscaler gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "11.1.0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1.49.23"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "11.1.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1.49.23"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "10.5.70"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.0.59.8"
      },
      {
        "model": "netscaler gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "10.5.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1.0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "10.5.0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1.0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "11.1.59.10"
      },
      {
        "model": "netscaler gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.0.59.8"
      },
      {
        "model": "netscaler gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.0.0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.0.0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": "netscaler gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.1"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.0"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.5"
      },
      {
        "model": "netscaler gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.5.70"
      },
      {
        "model": "netscaler gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.1.59.10"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.5.70"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.1.49.23"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "12.0.59.8"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "11.1.59.10"
      },
      {
        "model": "netscaler gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.1.49.23"
      },
      {
        "model": "netscaler gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12.0.59.8"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004828"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12044"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.1.49.23",
                    "versionStartIncluding": "12.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.0.59.8",
                    "versionStartIncluding": "12.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.1.59.10",
                    "versionStartIncluding": "11.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.5.70",
                    "versionStartIncluding": "10.5.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "10.5.70",
                    "versionStartIncluding": "10.5.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "11.1.59.10",
                    "versionStartIncluding": "11.1.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.0.59.8",
                    "versionStartIncluding": "12.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.1.49.23",
                    "versionStartIncluding": "12.1.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-12044"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Citrix",
    "sources": [
      {
        "db": "BID",
        "id": "108343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-444"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-12044",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-12044",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-143751",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-12044",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-12044",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-444",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-143751",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-143751"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004828"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-444"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nThe following versions of Citrix ADC and Citrix NetScaler Gateway are affected:\n10.5.x prior to 10.5.70\n11.1.x prior to 11.1.59.10\n12.0.x prior to 12.0.59.8\n12.1.x prior to 12.1.49.23. Citrix Systems NetScaler Gateway is a secure remote access solution. This solution provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location. The product has features such as application delivery control and load balancing. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-12044"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004828"
      },
      {
        "db": "BID",
        "id": "108343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-143751"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-12044",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "108343",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004828",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-444",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1688",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-143751",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-143751"
      },
      {
        "db": "BID",
        "id": "108343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004828"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-444"
      }
    ]
  },
  "id": "VAR-201905-0568",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-143751"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:56:32.768000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CTX249976",
        "trust": 0.8,
        "url": "https://support.citrix.com/article/ctx249976"
      },
      {
        "title": "Search",
        "trust": 0.8,
        "url": "https://support.citrix.com/search/#/all%20products?ct=all%20types\u0026searchtext=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=security+bulletin\u0026sortby=relevance"
      },
      {
        "title": "CitrixADC and Citrix NetScaler Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92602"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004828"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-444"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-143751"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004828"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12044"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://support.citrix.com/article/ctx249976"
      },
      {
        "trust": 1.6,
        "url": "https://support.citrix.com/v1/search?searchquery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=security+bulletin"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12044"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/108343"
      },
      {
        "trust": 0.9,
        "url": "http://www.citrix.com/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12044"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/80798"
      },
      {
        "trust": 0.1,
        "url": "https://support.citrix.com/v1/search?searchquery=%22%22\u0026amp;lang=en\u0026amp;sort=cr_date_desc\u0026amp;prod=\u0026amp;pver=\u0026amp;ct=security+bulletin"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-143751"
      },
      {
        "db": "BID",
        "id": "108343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004828"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-444"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-143751"
      },
      {
        "db": "BID",
        "id": "108343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004828"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-444"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-143751"
      },
      {
        "date": "2019-05-13T00:00:00",
        "db": "BID",
        "id": "108343"
      },
      {
        "date": "2019-06-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004828"
      },
      {
        "date": "2019-05-22T16:29:01.243000",
        "db": "NVD",
        "id": "CVE-2019-12044"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-444"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-143751"
      },
      {
        "date": "2019-05-13T00:00:00",
        "db": "BID",
        "id": "108343"
      },
      {
        "date": "2019-06-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004828"
      },
      {
        "date": "2019-05-24T19:55:04.177000",
        "db": "NVD",
        "id": "CVE-2019-12044"
      },
      {
        "date": "2019-05-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-444"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-444"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Citrix NetScaler Gateway and  Application Delivery Controller Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004828"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-444"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2019-12044

Vulnerability from fkie_nvd - Published: 2019-05-22 16:29 - Updated: 2024-11-21 04:22

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	https://support.citrix.com/article/CTX249976	Patch, Vendor Advisory
cve@mitre.org	https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/article/CTX249976	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin	Vendor Advisory

Impacted products

Vendor	Product	Version
citrix	netscaler_gateway_firmware	*
citrix	netscaler_gateway_firmware	*
citrix	netscaler_gateway_firmware	*
citrix	netscaler_gateway_firmware	*
citrix	netscaler_gateway	-
citrix	netscaler_application_delivery_controller_firmware	*
citrix	netscaler_application_delivery_controller_firmware	*
citrix	netscaler_application_delivery_controller_firmware	*
citrix	netscaler_application_delivery_controller_firmware	*
citrix	netscaler_application_delivery_controller	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF749290-81B6-4772-A61A-699B6181791D",
              "versionEndExcluding": "10.5.70",
              "versionStartIncluding": "10.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B4EE820-252E-4137-8B35-842DAB2994F7",
              "versionEndExcluding": "11.1.59.10",
              "versionStartIncluding": "11.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BDB18E6-DBF6-42E7-A37A-70A96CB24CF8",
              "versionEndExcluding": "12.0.59.8",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C7D109-77A2-47A6-845D-6BCF946999ED",
              "versionEndExcluding": "12.1.49.23",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEBB9B6A-1CAD-4D82-9B1E-939921986053",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7D848E-A8E5-465F-9F23-A1B6F80D00D5",
              "versionEndExcluding": "10.5.70",
              "versionStartIncluding": "10.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5AF866E-4D80-40DE-9166-D1D8799D8754",
              "versionEndExcluding": "11.1.59.10",
              "versionStartIncluding": "11.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70220C9E-7F3B-40CE-A8C5-D230803BFC02",
              "versionEndExcluding": "12.0.59.8",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89196BF4-8CF9-4559-8CC4-9008D64C1C6F",
              "versionEndExcluding": "12.1.49.23",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23."
    },
    {
      "lang": "es",
      "value": "Existe un desbordamiento de b\u00fafer en Citrix NetScaler Gateway versiones 10.5.x, anteriores 10.5.70.x, versiones 11.1.x, anteriores 11.1.59.10, versiones 12.0.x ,anteriores 12.0.59.8, y versiones 12.1.x anterior 12.1.49.23 y Citrix Application Delivery Controller versiones 10.5.x, anterior 10.5.70.x, versi\u00f3n 11.1.x anterior 11.1.59.10, versi\u00f3n 12.0.x anterior 12.0.59.8,y versi\u00f3n 12.1.x anterior 12.1.49.23."
    }
  ],
  "id": "CVE-2019-12044",
  "lastModified": "2024-11-21T04:22:09.690",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-22T16:29:01.243",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX249976"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX249976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/v1/search?searchQuery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2019-AVI-202

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Citrix. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	N/A	Citrix Workspace versions antérieures à 1904
Citrix	NetScaler Gateway	Citrix ADC et Citrix NetScaler Gateway versions antérieures à 11.1.59.10
Citrix	NetScaler Gateway	Citrix ADC et Citrix NetScaler Gateway versions 12.0.x antérieures à 12.0.59.8
Citrix	N/A	Citrix Receiver for Windows versions antérieures à LTSR 4.9 CU6 version 4.9.6001
Citrix	NetScaler Gateway	Citrix ADC et Citrix NetScaler Gateway versions 12.1.x antérieures à 12.1.49.23

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX251986 du 13 mai 2019	None	vendor-advisory
Bulletin de sécurité Citrix CTX249976 du 13 mai 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix Workspace versions ant\u00e9rieures \u00e0 1904",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix NetScaler Gateway versions ant\u00e9rieures \u00e0 11.1.59.10",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix NetScaler Gateway versions 12.0.x ant\u00e9rieures \u00e0 12.0.59.8",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Receiver for Windows versions ant\u00e9rieures \u00e0 LTSR 4.9 CU6 version 4.9.6001",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix NetScaler Gateway versions 12.1.x ant\u00e9rieures \u00e0 12.1.49.23",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11634"
    },
    {
      "name": "CVE-2019-12044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12044"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-202",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nCitrix. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX251986 du 13 mai 2019",
      "url": "https://support.citrix.com/article/CTX251986"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX249976 du 13 mai 2019",
      "url": "https://support.citrix.com/article/CTX249976"
    }
  ]
}

CERTFR-2019-AVI-202

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	N/A	Citrix Workspace versions antérieures à 1904
Citrix	NetScaler Gateway	Citrix ADC et Citrix NetScaler Gateway versions antérieures à 11.1.59.10
Citrix	NetScaler Gateway	Citrix ADC et Citrix NetScaler Gateway versions 12.0.x antérieures à 12.0.59.8
Citrix	N/A	Citrix Receiver for Windows versions antérieures à LTSR 4.9 CU6 version 4.9.6001
Citrix	NetScaler Gateway	Citrix ADC et Citrix NetScaler Gateway versions 12.1.x antérieures à 12.1.49.23

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX251986 du 13 mai 2019	None	vendor-advisory
Bulletin de sécurité Citrix CTX249976 du 13 mai 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix Workspace versions ant\u00e9rieures \u00e0 1904",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix NetScaler Gateway versions ant\u00e9rieures \u00e0 11.1.59.10",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix NetScaler Gateway versions 12.0.x ant\u00e9rieures \u00e0 12.0.59.8",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Receiver for Windows versions ant\u00e9rieures \u00e0 LTSR 4.9 CU6 version 4.9.6001",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix NetScaler Gateway versions 12.1.x ant\u00e9rieures \u00e0 12.1.49.23",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11634"
    },
    {
      "name": "CVE-2019-12044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12044"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-202",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nCitrix. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX251986 du 13 mai 2019",
      "url": "https://support.citrix.com/article/CTX251986"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX249976 du 13 mai 2019",
      "url": "https://support.citrix.com/article/CTX249976"
    }
  ]
}

CNVD-2019-15742

Vulnerability from cnvd - Published: 2019-05-29

Title

Citrix NetScaler Gateway和Citrix Application Delivery Controller缓冲区溢出漏洞

Description

Citrix Systems NetScaler Gateway和Citrix Application Delivery Controller（ADC）Citrix NetScaler Gateway和Citrix Application Delivery Controller都是美国思杰系统（Citrix Systems）公司的产品。Citrix Systems NetScaler Gateway是一套安全的远程接入解决方案。该方案可为管理员提供应用级和数据级管控功能，以实现用户从任何地点远程访问应用和数据。Citrix Application Delivery Controller是一款应用交付控制器。该产品具有应用交付控制和负载均衡等功能。 Citrix NetScaler Gateway和Citrix ADC中存在缓冲区溢出漏洞。该漏洞源于网络系统或产品在内存上执行操作时未正确验证数据边界，导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。

Severity

中

Patch Name

Citrix NetScaler Gateway和Citrix Application Delivery Controller缓冲区溢出漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： https://support.citrix.com/article/CTX249976

Reference

https://web.nvd.nist.gov//vuln/detail/CVE-2019-12044

Impacted products

Name
['Citrix Systems NetScaler Gateway 10.5.x，<10.5.70.x', 'Citrix Systems NetScaler Gateway 11.1.x，<11.1.59.10', 'Citrix Systems NetScaler Gateway 12.0.x，<12.0.59.8', 'Citrix Systems NetScaler Gateway 12.1.x，<12.1.49.23', 'Citrix Systems NetScaler Application Delivery Controller（ADC） 10.5.x，<10.5.70.x', 'Citrix Systems NetScaler Application Delivery Controller（ADC） 11.1.x，<11.1.59.10', 'Citrix Systems NetScaler Application Delivery Controller（ADC） 12.0.x，<12.0.59.8', 'Citrix Systems NetScaler Application Delivery Controller（ADC） 12.1.x，<12.1.49.23']

Name

['Citrix Systems NetScaler Gateway 10.5.x，<10.5.70.x', 'Citrix Systems NetScaler Gateway 11.1.x，<11.1.59.10', 'Citrix Systems NetScaler Gateway 12.0.x，<12.0.59.8', 'Citrix Systems NetScaler Gateway 12.1.x，<12.1.49.23', 'Citrix Systems NetScaler Application Delivery Controller（ADC） 10.5.x，<10.5.70.x', 'Citrix Systems NetScaler Application Delivery Controller（ADC） 11.1.x，<11.1.59.10', 'Citrix Systems NetScaler Application Delivery Controller（ADC） 12.0.x，<12.0.59.8', 'Citrix Systems NetScaler Application Delivery Controller（ADC） 12.1.x，<12.1.49.23']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-12044",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12044"
    }
  },
  "description": "Citrix Systems NetScaler Gateway\u548cCitrix Application Delivery Controller\uff08ADC\uff09Citrix NetScaler Gateway\u548cCitrix Application Delivery Controller\u90fd\u662f\u7f8e\u56fd\u601d\u6770\u7cfb\u7edf\uff08Citrix Systems\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Citrix Systems NetScaler Gateway\u662f\u4e00\u5957\u5b89\u5168\u7684\u8fdc\u7a0b\u63a5\u5165\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u53ef\u4e3a\u7ba1\u7406\u5458\u63d0\u4f9b\u5e94\u7528\u7ea7\u548c\u6570\u636e\u7ea7\u7ba1\u63a7\u529f\u80fd\uff0c\u4ee5\u5b9e\u73b0\u7528\u6237\u4ece\u4efb\u4f55\u5730\u70b9\u8fdc\u7a0b\u8bbf\u95ee\u5e94\u7528\u548c\u6570\u636e\u3002Citrix Application Delivery Controller\u662f\u4e00\u6b3e\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u5668\u3002\u8be5\u4ea7\u54c1\u5177\u6709\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u548c\u8d1f\u8f7d\u5747\u8861\u7b49\u529f\u80fd\u3002\n\nCitrix NetScaler Gateway\u548cCitrix ADC\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002",
  "discovererName": "unknown",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://support.citrix.com/article/CTX249976",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-15742",
  "openTime": "2019-05-29",
  "patchDescription": "Citrix Systems NetScaler Gateway\u548cCitrix Application Delivery Controller\uff08ADC\uff09Citrix NetScaler Gateway\u548cCitrix Application Delivery Controller\u90fd\u662f\u7f8e\u56fd\u601d\u6770\u7cfb\u7edf\uff08Citrix Systems\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Citrix Systems NetScaler Gateway\u662f\u4e00\u5957\u5b89\u5168\u7684\u8fdc\u7a0b\u63a5\u5165\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u53ef\u4e3a\u7ba1\u7406\u5458\u63d0\u4f9b\u5e94\u7528\u7ea7\u548c\u6570\u636e\u7ea7\u7ba1\u63a7\u529f\u80fd\uff0c\u4ee5\u5b9e\u73b0\u7528\u6237\u4ece\u4efb\u4f55\u5730\u70b9\u8fdc\u7a0b\u8bbf\u95ee\u5e94\u7528\u548c\u6570\u636e\u3002Citrix Application Delivery Controller\u662f\u4e00\u6b3e\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u5668\u3002\u8be5\u4ea7\u54c1\u5177\u6709\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u548c\u8d1f\u8f7d\u5747\u8861\u7b49\u529f\u80fd\u3002\r\n\r\nCitrix NetScaler Gateway\u548cCitrix ADC\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Citrix NetScaler Gateway\u548cCitrix Application Delivery Controller\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Citrix Systems NetScaler Gateway 10.5.x\uff0c\u003c10.5.70.x",
      "Citrix Systems NetScaler Gateway 11.1.x\uff0c\u003c11.1.59.10",
      "Citrix Systems NetScaler Gateway 12.0.x\uff0c\u003c12.0.59.8",
      "Citrix Systems NetScaler Gateway 12.1.x\uff0c\u003c12.1.49.23",
      "Citrix Systems NetScaler Application Delivery Controller\uff08ADC\uff09 10.5.x\uff0c\u003c10.5.70.x",
      "Citrix Systems NetScaler Application Delivery Controller\uff08ADC\uff09 11.1.x\uff0c\u003c11.1.59.10",
      "Citrix Systems NetScaler Application Delivery Controller\uff08ADC\uff09 12.0.x\uff0c\u003c12.0.59.8",
      "Citrix Systems NetScaler Application Delivery Controller\uff08ADC\uff09 12.1.x\uff0c\u003c12.1.49.23"
    ]
  },
  "referenceLink": "https://web.nvd.nist.gov//vuln/detail/CVE-2019-12044",
  "serverity": "\u4e2d",
  "submitTime": "2019-05-22",
  "title": "Citrix NetScaler Gateway\u548cCitrix Application Delivery Controller\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-12044 (GCVE-0-2019-12044)

GHSA-4G6Q-2GHM-PR4W

GSD-2019-12044

VAR-201905-0568

FKIE_CVE-2019-12044

CERTFR-2019-AVI-202

Solution

CERTFR-2019-AVI-202

Solution

CNVD-2019-15742

Tags

Sightings

Nomenclature