VAR-201403-0148
Vulnerability from variot - Updated: 2023-12-18 12:21Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows users to "breakout" of the shell via unknown vectors. Citrix NetScaler is prone to an unspecified security vulnerability. The impact of this issue is currently unknown. We will update this BID when more information emerges. Versions prior to Citrix NetScaler Application Delivery Controller running firmware versions 10.1-118.7, 10.0-77.5, and 9.3-64.4. are vulnerable. This solution is mainly used to optimize, secure and control the delivery of various enterprise services and cloud services. An attacker could exploit this vulnerability to bypass the restricted shell and gain access to the file system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0148",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "9.3.e"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "9.3\\(1\\)"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "10.1"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 1.6,
"vendor": "citrix",
"version": "10.0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.8,
"vendor": "citrix",
"version": "10.0-77.5"
},
{
"model": "netscaler application delivery controller",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "9.3.x"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.8,
"vendor": "citrix",
"version": "10.1-118.7"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.8,
"vendor": "citrix",
"version": "9.3-64.4"
},
{
"model": "netscaler application delivery controller",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "10.0"
},
{
"model": "netscaler application delivery controller",
"scope": "lt",
"trust": 0.8,
"vendor": "citrix",
"version": "10.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006144"
},
{
"db": "NVD",
"id": "CVE-2013-6941"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-188"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:9.3\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:9.3.e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6941"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "66014"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6941",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-6941",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-66943",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-6941",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201403-188",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-66943",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66943"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006144"
},
{
"db": "NVD",
"id": "CVE-2013-6941"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-188"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows users to \"breakout\" of the shell via unknown vectors. Citrix NetScaler is prone to an unspecified security vulnerability. \nThe impact of this issue is currently unknown. We will update this BID when more information emerges. \nVersions prior to Citrix NetScaler Application Delivery Controller running firmware versions 10.1-118.7, 10.0-77.5, and 9.3-64.4. are vulnerable. This solution is mainly used to optimize, secure and control the delivery of various enterprise services and cloud services. An attacker could exploit this vulnerability to bypass the restricted shell and gain access to the file system",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6941"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006144"
},
{
"db": "BID",
"id": "66014"
},
{
"db": "VULHUB",
"id": "VHN-66943"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6941",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006144",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201403-188",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "57279",
"trust": 0.6
},
{
"db": "BID",
"id": "66014",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-66943",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66943"
},
{
"db": "BID",
"id": "66014"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006144"
},
{
"db": "NVD",
"id": "CVE-2013-6941"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-188"
}
]
},
"id": "VAR-201403-0148",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-66943"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:21:28.545000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CTX139049",
"trust": 0.8,
"url": "http://support.citrix.com/article/ctx139049"
},
{
"title": "agee64-10.1-120.1316.e",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=48619"
},
{
"title": "AGEE64-bitPlugin-9.3-64.4",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=48617"
},
{
"title": "agee64-10.0-77.5",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=48618"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006144"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-188"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6941"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://support.citrix.com/article/ctx139049"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6941"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6941"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/57279"
},
{
"trust": 0.3,
"url": "http://www.citrix.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66943"
},
{
"db": "BID",
"id": "66014"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006144"
},
{
"db": "NVD",
"id": "CVE-2013-6941"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-188"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-66943"
},
{
"db": "BID",
"id": "66014"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006144"
},
{
"db": "NVD",
"id": "CVE-2013-6941"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-188"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-66943"
},
{
"date": "2014-03-05T00:00:00",
"db": "BID",
"id": "66014"
},
{
"date": "2014-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006144"
},
{
"date": "2014-03-11T13:00:36.233000",
"db": "NVD",
"id": "CVE-2013-6941"
},
{
"date": "2014-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-188"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-66943"
},
{
"date": "2014-03-07T01:10:00",
"db": "BID",
"id": "66014"
},
{
"date": "2014-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006144"
},
{
"date": "2014-03-11T13:42:26.873000",
"db": "NVD",
"id": "CVE-2013-6941"
},
{
"date": "2014-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-188"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-188"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Citrix NetScaler Application Delivery Controller Shell in \" Breakout \" Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006144"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-188"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…