CVE-2009-2213

The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.

CVSS v2.0 6.3 MEDIUM

6.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:C/I:N/A:N

Exploitability : 6.8 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://support.citrix.com/article/CTX118770	Vendor Advisory
http://www.securityfocus.com/bid/35422
http://www.vupen.com/english/advisories/2009/1641	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51274

Advertisement

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.0:::::::*
	cpe:2.3:o:citrix:netscaler_access_gateway_firmware::::::::
	cpe:2.3:o:citrix:netscaler_access_gateway_firmware:7.0:::::::*
	cpe:2.3:o:citrix:netscaler_access_gateway_firmware:8.0:::::::*

cpe:2.3:h:citrix:netscaler_access_gateway:-:-:enterprise:*:*:*:*:*

Information

Published : 2009-06-25 16:14

Updated : 2017-08-16 18:30

NVD link : CVE-2009-2213

Mitre link : CVE-2009-2213

JSON object : View

CWE

CWE-16

Configuration

Advertisement

Products Affected

citrix

netscaler_access_gateway_firmware
netscaler_access_gateway

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://support.citrix.com/article/CTX118770", "name": "http://support.citrix.com/article/CTX118770", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/35422", "name": "35422", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2009/1641", "name": "ADV-2009-1641", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51274", "name": "netscaler-default-unauth-access(51274)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-16"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-2213", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-06-25T23:14Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.1"}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_access_gateway_firmware:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:citrix:netscaler_access_gateway:-:-:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:30Z"}