CVE-2010-4566

The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://support.citrix.com/article/CTX127613	Vendor Advisory
http://www.securitytracker.com/id?1024893
http://www.osvdb.org/70099
http://www.exploit-db.com/exploits/16916
http://www.vsecurity.com/resources/advisory/20101221-1
http://securityreason.com/securityalert/8119

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:citrix:access_gateway:9.1-104.5::enterprise:::::
	cpe:2.3:a:citrix:access_gateway:8.1-69.4::enterprise:::::
	cpe:2.3:a:citrix:access_gateway:9.0.71.3::enterprise:::::
	cpe:2.3:a:citrix:access_gateway:8.0:m59.1:enterprise:::::*
	cpe:2.3:a:citrix:access_gateway:::enterprise:::::*
	cpe:2.3:a:citrix:access_gateway:8.0:m48.7:enterprise:::::*
	cpe:2.3:a:citrix:access_gateway:.8.0:m50.3:enterprise:::::*
	cpe:2.3:a:citrix:access_gateway:8.0:m49.2:enterprise:::::*

Configuration 2 (hide)

OR	cpe:2.3:a:citrix:access_gateway:4.5.5::standard:::::
	cpe:2.3:a:citrix:access_gateway:4.5.6::standard:::::
	cpe:2.3:a:citrix:access_gateway:4.6.2::standard:::::
	cpe:2.3:a:citrix:access_gateway:4.6.3::standard:::::
	cpe:2.3:a:citrix:access_gateway:4.5.7::standard:::::
	cpe:2.3:a:citrix:access_gateway:4.5::advanced:::::
	cpe:2.3:a:citrix:access_gateway:4.5:hf1::::::
	cpe:2.3:a:citrix:access_gateway:4.6.1::standard:::::
	cpe:2.3:a:citrix:access_gateway:4.5::standard:::::
	cpe:2.3:a:citrix:access_gateway:4.5:hf1:advanced:::::*

Information

Published : 2011-01-14 15:00

Updated : 2011-09-21 20:26

NVD link : CVE-2010-4566

Mitre link : CVE-2010-4566

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

citrix

access_gateway

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://support.citrix.com/article/CTX127613", "name": "http://support.citrix.com/article/CTX127613", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id?1024893", "name": "1024893", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.osvdb.org/70099", "name": "70099", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.exploit-db.com/exploits/16916", "name": "16916", "tags": [], "refsource": "EXPLOIT-DB"}, {"url": "http://www.vsecurity.com/resources/advisory/20101221-1", "name": "http://www.vsecurity.com/resources/advisory/20101221-1", "tags": [], "refsource": "MISC"}, {"url": "http://securityreason.com/securityalert/8119", "name": "8119", "tags": [], "refsource": "SREASON"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-4566", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-01-14T23:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:9.1-104.5:*:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:8.1-69.4:*:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:9.0.71.3:*:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:8.0:m59.1:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:*:*:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "9.2-49.8"}, {"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:8.0:m48.7:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:.8.0:m50.3:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:8.0:m49.2:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.5.5:*:standard:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.5.6:*:standard:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.6.2:*:standard:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.6.3:*:standard:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.5.7:*:standard:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.5:*:advanced:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.5:hf1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.6.1:*:standard:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.5:*:standard:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:citrix:access_gateway:4.5:hf1:advanced:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-09-22T03:26Z"}

9.3 /10