CVE-2010-4566

The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://securityreason.com/securityalert/8119
http://support.citrix.com/article/CTX127613	Vendor Advisory
http://www.exploit-db.com/exploits/16916
http://www.osvdb.org/70099
http://www.securitytracker.com/id?1024893
http://www.vsecurity.com/resources/advisory/20101221-1

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:citrix:access_gateway:::enterprise:::::*
	cpe:2.3:a:citrix:access_gateway:.8.0:m50.3:enterprise:::::*
	cpe:2.3:a:citrix:access_gateway:8.0:m48.7:enterprise:::::*
	cpe:2.3:a:citrix:access_gateway:8.0:m49.2:enterprise:::::*
	cpe:2.3:a:citrix:access_gateway:8.0:m59.1:enterprise:::::*
	cpe:2.3:a:citrix:access_gateway:8.1-69.4::enterprise:::::
	cpe:2.3:a:citrix:access_gateway:9.0.71.3::enterprise:::::
	cpe:2.3:a:citrix:access_gateway:9.1-104.5::enterprise:::::

Configuration 2 (hide)

OR	cpe:2.3:a:citrix:access_gateway:4.5::advanced:::::
	cpe:2.3:a:citrix:access_gateway:4.5::standard:::::
	cpe:2.3:a:citrix:access_gateway:4.5:hf1::::::
	cpe:2.3:a:citrix:access_gateway:4.5:hf1:advanced:::::*
	cpe:2.3:a:citrix:access_gateway:4.5.5::standard:::::
	cpe:2.3:a:citrix:access_gateway:4.5.6::standard:::::
	cpe:2.3:a:citrix:access_gateway:4.5.7::standard:::::
	cpe:2.3:a:citrix:access_gateway:4.6.1::standard:::::
	cpe:2.3:a:citrix:access_gateway:4.6.2::standard:::::
	cpe:2.3:a:citrix:access_gateway:4.6.3::standard:::::

History

No history.

Information

Published : 2011-01-14 23:00

Updated : 2024-02-04 17:54

NVD link : CVE-2010-4566

Mitre link : CVE-2010-4566

CVE.ORG link : CVE-2010-4566

JSON object : View

Products Affected

citrix

access_gateway

CWE

NVD-CWE-noinfo

{"id": "CVE-2010-4566", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-01-14T23:00:47.207", "references": [{"url": "http://securityreason.com/securityalert/8119", "source": "cve@mitre.org"}, {"url": "http://support.citrix.com/article/CTX127613", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/16916", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/70099", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1024893", "source": "cve@mitre.org"}, {"url": "http://www.vsecurity.com/resources/advisory/20101221-1", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente de autenticaci\u00f3n NT4 en Citrix Access Gateway Enterprise Edition v9.2-49.8 y anteriores, y el componente de autenticaci\u00f3n NTLM en \"Access Gateway Standard Edition\" y \"Access Gateway Advanced Edition\" antes de su versi\u00f3n v5.0, permite a atacantes eludir la autenticaci\u00f3n y, posiblemente, ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos."}], "lastModified": "2011-09-22T03:26:49.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:access_gateway:*:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D5E4A81-EDA7-4C0D-A02D-A0785081392D", "versionEndIncluding": "9.2-49.8"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:.8.0:m50.3:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4990990C-9647-4A31-894E-F43652FFF4AB"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:8.0:m48.7:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1275E2DF-5D06-4CE3-BAB9-7F2AFEC2F5A9"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:8.0:m49.2:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "766AB736-FA79-4E70-A0F6-3C5D071A1AD8"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:8.0:m59.1:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46ECBD0E-0873-4A82-AE09-46CA4A54C104"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:8.1-69.4:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA9F8079-0A27-47F3-AA20-376D53C3C2AB"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:9.0.71.3:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D430557-6BBA-45B9-8DB6-B72641EF6C69"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:9.1-104.5:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "398E63F4-F325-48FC-9BA2-4FBE5D15C3FE"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:access_gateway:4.5:*:advanced:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E674A101-814E-4954-B344-663AF49FED35"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.5:*:standard:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C019102F-CED4-4911-9B02-8D88AF9796DD"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.5:hf1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCABF20E-43A8-494B-AB47-B2C73C497B51"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.5:hf1:advanced:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44665598-C710-4EED-ACCB-D5B69644D537"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.5.5:*:standard:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94618DF7-4882-4205-89F2-DD8B22BB9D9A"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.5.6:*:standard:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EAEF2D7-EBE5-4B14-AE70-24B2C4770287"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.5.7:*:standard:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98CF7119-F625-4A4C-838A-216D05B2763D"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.6.1:*:standard:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BBA9141-DD1E-40D8-835F-6B7290632747"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.6.2:*:standard:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C96FF50F-7498-4469-9DE2-F99717BAEC56"}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.6.3:*:standard:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BDE88C1-29B3-44F3-82AD-5FFD74656B3A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}