CVE-2007-4016

Unspecified vulnerability in the client components in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows attackers to execute arbitrary code via unspecified vectors.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/43983
http://secunia.com/advisories/26143	Patch Vendor Advisory
http://support.citrix.com/article/CTX113815	Patch
http://support.citrix.com/article/CTX114028	Patch
http://www.securityfocus.com/bid/24975	Patch
http://www.securitytracker.com/id?1018435
http://www.vupen.com/english/advisories/2007/2583

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:citrix:access_gateway:::advanced:::::*
	cpe:2.3:a:citrix:access_gateway:::standard:::::*
	cpe:2.3:a:citrix:access_gateway:4.0:::::::*
	cpe:2.3:a:citrix:access_gateway:4.2:::::::*

History

No history.

Information

Published : 2007-07-26 01:30

Updated : 2024-02-04 17:13

NVD link : CVE-2007-4016

Mitre link : CVE-2007-4016

CVE.ORG link : CVE-2007-4016

JSON object : View

Products Affected

citrix

access_gateway

CWE

NVD-CWE-Other

{"id": "CVE-2007-4016", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-07-26T01:30:00.000", "references": [{"url": "http://osvdb.org/43983", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26143", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.citrix.com/article/CTX113815", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://support.citrix.com/article/CTX114028", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24975", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018435", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2583", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the client components in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows attackers to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad no especificada en los componentes de cliente en Citrix Access Gateway Standard Edition anterior a 4.5.5 y Advanced Edition anterior a 4.5 HF1 permite a atacantes ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados."}], "lastModified": "2011-03-08T02:57:37.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:access_gateway:*:*:advanced:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D86C3656-2FD4-44D6-9D4D-7D159D1F88E3", "versionEndIncluding": "4.5"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:*:*:standard:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBDE442A-F7FC-4369-A28E-6C6AA8B999A0", "versionEndIncluding": "4.5"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1A9C532-DE4A-40B5-932A-9229DEA92CF4"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C3186D6-9A71-4B1A-8A2A-D801408E5AF1"}], "operator": "OR"}]}], "evaluatorComment": "Citrix Access Gateway is available as software or as a hardware device.", "sourceIdentifier": "cve@mitre.org"}