CVE-2006-4846

Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://support.citrix.com/article/CTX110439	Patch
http://support.citrix.com/article/CTX110950	Patch
http://www.securityfocus.com/bid/20066	Patch
http://securitytracker.com/id?1016874	Patch
http://secunia.com/advisories/21941	Patch Vendor Advisory
http://www.osvdb.org/28938
http://www.kb.cert.org/vuls/id/658620	US Government Resource
http://www.vupen.com/english/advisories/2006/3643
https://exchange.xforce.ibmcloud.com/vulnerabilities/28990

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:citrix:access_gateway:4.2:*:*:*:*:*:*:*

Information

Published : 2006-09-18 18:07

Updated : 2017-07-19 18:33

NVD link : CVE-2006-4846

Mitre link : CVE-2006-4846

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

citrix

access_gateway

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://support.citrix.com/article/CTX110439", "name": "http://support.citrix.com/article/CTX110439", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://support.citrix.com/article/CTX110950", "name": "http://support.citrix.com/article/CTX110950", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/20066", "name": "20066", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1016874", "name": "1016874", "tags": ["Patch"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/21941", "name": "21941", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/28938", "name": "28938", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.kb.cert.org/vuls/id/658620", "name": "VU#658620", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.vupen.com/english/advisories/2006/3643", "name": "ADV-2006-3643", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28990", "name": "citrix-acc-ldap-auth-bypass(28990)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4846", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-09-19T01:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:33Z"}