CVE-2006-4846

Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/21941	Patch Vendor Advisory
http://securitytracker.com/id?1016874	Patch
http://support.citrix.com/article/CTX110439	Patch
http://support.citrix.com/article/CTX110950	Patch
http://www.kb.cert.org/vuls/id/658620	US Government Resource
http://www.osvdb.org/28938
http://www.securityfocus.com/bid/20066	Patch
http://www.vupen.com/english/advisories/2006/3643
https://exchange.xforce.ibmcloud.com/vulnerabilities/28990

Configurations

Configuration 1 (hide)

cpe:2.3:a:citrix:access_gateway:4.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-09-19 01:07

Updated : 2024-02-04 17:13

NVD link : CVE-2006-4846

Mitre link : CVE-2006-4846

CVE.ORG link : CVE-2006-4846

JSON object : View

Products Affected

citrix

access_gateway

CWE

NVD-CWE-Other

{"id": "CVE-2006-4846", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-09-19T01:07:00.000", "references": [{"url": "http://secunia.com/advisories/21941", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016874", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://support.citrix.com/article/CTX110439", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://support.citrix.com/article/CTX110950", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/658620", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/28938", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20066", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3643", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28990", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en Citrix Access Gateway con Advanced Access Control (AAC) 4.2 anterior al 14/09/2006, cuando AAC est\u00e1 configurado para usar autenticaci\u00f3n LDAP, permite a atacantes remotos evitar la autenticaci\u00f3n a trav\u00e9s de vectores desconocidos."}], "lastModified": "2017-07-20T01:33:21.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:access_gateway:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C3186D6-9A71-4B1A-8A2A-D801408E5AF1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "Successful exploitation requires that the Advanced Access Control option is set to use LDAP authentication.\r\nThis vulnerability is addressed by hotfix AAC420W004."}