VAR-201304-0403
Vulnerability from variot - Updated: 2023-12-18 13:20Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended intranet access restrictions via unknown vectors. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201304-0403",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netscaler access gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "9.1"
},
{
"model": "netscaler access gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "10.0.74.4"
},
{
"model": "netscaler access gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "9.3"
},
{
"model": "netscaler access gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "9.2"
},
{
"model": "netscaler access gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "10.0"
},
{
"model": "netscaler access gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "citrix",
"version": "9.3.61.5"
},
{
"model": "netscaler access gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "citrix",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "citrix",
"version": null
},
{
"model": "netscaler gateway",
"scope": null,
"trust": 0.8,
"vendor": "citrix",
"version": null
},
{
"model": "netscaler gateway",
"scope": "lte",
"trust": 0.8,
"vendor": "citrix",
"version": "version 10.0.74.4 10.0 system"
},
{
"model": "netscaler gateway",
"scope": "lte",
"trust": 0.8,
"vendor": "citrix",
"version": "version 9.3.61.5"
},
{
"model": "netscaler access gateway enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "citrix",
"version": "9.3.61.5"
},
{
"model": "netscaler access gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "citrix",
"version": "9.3.61.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#521612"
},
{
"db": "CNVD",
"id": "CNVD-2013-04456"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002478"
},
{
"db": "NVD",
"id": "CVE-2013-2767"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-547"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:10.0.74.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.3.61.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.3:agee_common_criteria_build:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:citrix:netscaler_access_gateway:-:-:enterprise:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2767"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HyeongKwan Lee of SK",
"sources": [
{
"db": "BID",
"id": "59491"
}
],
"trust": 0.3
},
"cve": "CVE-2013-2767",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 5.4,
"collateralDamagePotential": "LOW-MEDIUM",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 4.5,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 4.9,
"id": "CVE-2013-2767",
"impactScore": 6.9,
"integrityImpact": "NONE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "MEDIUM",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-2767",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2013-04456",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "VHN-62769",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-2767",
"trust": 2.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-04456",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-547",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-62769",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#521612"
},
{
"db": "CNVD",
"id": "CNVD-2013-04456"
},
{
"db": "VULHUB",
"id": "VHN-62769"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002478"
},
{
"db": "NVD",
"id": "CVE-2013-2767"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-547"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended intranet access restrictions via unknown vectors. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2767"
},
{
"db": "CERT/CC",
"id": "VU#521612"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002478"
},
{
"db": "CNVD",
"id": "CNVD-2013-04456"
},
{
"db": "BID",
"id": "59491"
},
{
"db": "VULHUB",
"id": "VHN-62769"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2767",
"trust": 4.2
},
{
"db": "CERT/CC",
"id": "VU#521612",
"trust": 4.2
},
{
"db": "BID",
"id": "59491",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU95943552",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002478",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-04456",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201304-547",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-62769",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#521612"
},
{
"db": "CNVD",
"id": "CNVD-2013-04456"
},
{
"db": "VULHUB",
"id": "VHN-62769"
},
{
"db": "BID",
"id": "59491"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002478"
},
{
"db": "NVD",
"id": "CVE-2013-2767"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-547"
}
]
},
"id": "VAR-201304-0403",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04456"
},
{
"db": "VULHUB",
"id": "VHN-62769"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04456"
}
]
},
"last_update_date": "2023-12-18T13:20:07.062000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Vulnerability in Citrix NetScaler Access Gateway Enterprise Edition Could Result in Unauthorized Access to Network Resources (CTX137238)",
"trust": 0.8,
"url": "http://support.citrix.com/article/ctx137238"
},
{
"title": "NetScaler ADC - Firmware",
"trust": 0.8,
"url": "https://www.citrix.com/downloads/netscaler-adc/firmware.html"
},
{
"title": "Citrix NetScaler and Access Gateway are not authorized to access vulnerable patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/33692"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04456"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002478"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2767"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://support.citrix.com/article/ctx137238"
},
{
"trust": 3.4,
"url": "http://www.kb.cert.org/vuls/id/521612"
},
{
"trust": 0.8,
"url": "https://www.citrix.com/downloads/netscaler-adc/firmware.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2767"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu95943552/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2767"
},
{
"trust": 0.3,
"url": "http://www.citrix.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#521612"
},
{
"db": "CNVD",
"id": "CNVD-2013-04456"
},
{
"db": "VULHUB",
"id": "VHN-62769"
},
{
"db": "BID",
"id": "59491"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002478"
},
{
"db": "NVD",
"id": "CVE-2013-2767"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-547"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#521612"
},
{
"db": "CNVD",
"id": "CNVD-2013-04456"
},
{
"db": "VULHUB",
"id": "VHN-62769"
},
{
"db": "BID",
"id": "59491"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002478"
},
{
"db": "NVD",
"id": "CVE-2013-2767"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-547"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-25T00:00:00",
"db": "CERT/CC",
"id": "VU#521612"
},
{
"date": "2013-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04456"
},
{
"date": "2013-04-25T00:00:00",
"db": "VULHUB",
"id": "VHN-62769"
},
{
"date": "2013-04-25T00:00:00",
"db": "BID",
"id": "59491"
},
{
"date": "2013-04-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002478"
},
{
"date": "2013-04-25T20:55:10.003000",
"db": "NVD",
"id": "CVE-2013-2767"
},
{
"date": "2013-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-547"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-25T00:00:00",
"db": "CERT/CC",
"id": "VU#521612"
},
{
"date": "2013-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04456"
},
{
"date": "2013-05-02T00:00:00",
"db": "VULHUB",
"id": "VHN-62769"
},
{
"date": "2013-04-25T00:00:00",
"db": "BID",
"id": "59491"
},
{
"date": "2013-04-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002478"
},
{
"date": "2013-05-02T04:00:00",
"db": "NVD",
"id": "CVE-2013-2767"
},
{
"date": "2013-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-547"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-547"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Citrix NetScaler and Access Gateway Enterprise Edition unauthorized access to network resources vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#521612"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "59491"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…