ID

VAR-200707-0193


CVE

CVE-2007-4017


TITLE

Cross-site request forgery vulnerability in the web-based management console of Citrix Access Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2007-002414

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators.

Citrix Access Gateway Standard and Advanced Edition are prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to:

- Obtain sensitive information
- Execute code remotely
- Hijack sessions
- Redirect users to arbitrary sites
- Make unauthorized configuration changes

Citrix has released patches for these vulnerabilities.

Citrix Access Gateway, a general-purpose SSL VPN device, provides secure and always-on single-point access support for information resources.

1) A security issue due to residual information left on the client device can be exploited to gain unauthorized access to a user's active session.

2) Multiple unspecified errors in client components (Net6Helper.DLL and npCtxCAO.dll as ActiveX control and Firefox plugin) of Access Gateway Standard and Advanced Editions can be exploited to execute arbitrary code in context of the logged-in user.

This can be exploited to e.g. This vulnerability is reported in Access Gateway model 2000 appliances with firmware version 4.5.2 and prior.

A redirection issue that may facilitate phishing attacks has also been reported.

SOLUTION: Apply hotfix and update firmware to version 4.5.5.
Access Gateway Standard Edition 4.5: http://support.citrix.com/article/CTX114028
Access Gateway Advanced Edition 4.5: http://support.citrix.com/article/CTX112803

The vendor also recommends removing the following components from client devices:

VPN ActiveX components:
* Net6Helper.DLL (Friendly name: Net6Launcher Class, version number up to and including 4.5.2)

EPA Components (ActiveX):
* npCtxCAO.dll (Friendly name: CCAOControl Object, version number up to 4,5,0,0)

EPA Components (Firefox plugin):
* npCtxCAO.dll (Friendly name: Citrix Endpoint Analysis Client, present in two locations)

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Martin O'Neal, Corsaire.
2) The vendor credits Michael White, Symantec.
3) The vendor credits Paul Johnston.

ORIGINAL ADVISORY:
http://support.citrix.com/article/CTX113814
http://support.citrix.com/article/CTX113815
http://support.citrix.com/article/CTX113816
http://support.citrix.com/article/CTX113817

Trust: 2.07

sources: NVD: CVE-2007-4017 // JVNDB: JVNDB-2007-002414 // BID: 24975 // VULHUB: VHN-27379 // PACKETSTORM: 57912

AFFECTED PRODUCTS

vendor: citrix, model: access gateway, scope: eq, version: 4.5

Trust: 1.6

vendor: citrix, model: access gateway, scope: lt, version: firmware 4.5.5

Trust: 0.8

vendor: citrix, model: advanced access control, scope: eq, version: 4.2

Trust: 0.3

vendor: citrix, model: advanced access control, scope: eq, version: 4.0

Trust: 0.3

vendor: citrix, model: access gateway standard edition, scope: eq, version: 4.5

Trust: 0.3

vendor: citrix, model: access gateway advanced edition, scope: eq, version: 4.5

Trust: 0.3

vendor: citrix, model: advanced access control hf.1, scope: ne, version: -

Trust: 0.3

vendor: citrix, model: access gateway standard edition, scope: ne, version: 4.5.5

Trust: 0.3

vendor: citrix, model: access gateway advanced edition, scope: ne, version: 4.5.5

Trust: 0.3

sources: BID: 24975 // JVNDB: JVNDB-2007-002414 // CNNVD: CNNVD-200707-441 // NVD: CVE-2007-4017

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-4017
value: HIGH

Trust: 1.0

NVD: CVE-2007-4017
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200707-441
value: HIGH

Trust: 0.6

VULHUB: VHN-27379
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-4017
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-27379
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-27379 // JVNDB: JVNDB-2007-002414 // CNNVD: CNNVD-200707-441 // NVD: CVE-2007-4017

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-4017

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-441

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200707-441

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002414

PATCH

title: CTX113817, url: http://support.citrix.com/article/CTX113817

Trust: 0.8

title: CTX114028, url: http://support.citrix.com/article/CTX114028

Trust: 0.8

sources: JVNDB: JVNDB-2007-002414

EXTERNAL IDS

db: NVD, id: CVE-2007-4017

Trust: 2.8

db: BID, id: 24975

Trust: 2.0

db: SECUNIA, id: 26143

Trust: 1.8

db: OSVDB, id: 37841

Trust: 1.7

db: VUPEN, id: ADV-2007-2583

Trust: 1.7

db: SECTRACK, id: 1018435

Trust: 1.7

db: JVNDB, id: JVNDB-2007-002414

Trust: 0.8

db: XF, id: 35513

Trust: 0.6

db: CNNVD, id: CNNVD-200707-441

Trust: 0.6

db: VULHUB, id: VHN-27379

Trust: 0.1

db: PACKETSTORM, id: 57912

Trust: 0.1

sources: VULHUB: VHN-27379 // BID: 24975 // JVNDB: JVNDB-2007-002414 // PACKETSTORM: 57912 // CNNVD: CNNVD-200707-441 // NVD: CVE-2007-4017

REFERENCES

url:http://support.citrix.com/article/ctx113817

Trust: 2.1

url:http://support.citrix.com/article/ctx114028

Trust: 1.8

url:http://www.securityfocus.com/bid/24975

Trust: 1.7

url:http://osvdb.org/37841

Trust: 1.7

url:http://www.securitytracker.com/id?1018435

Trust: 1.7

url:http://secunia.com/advisories/26143

Trust: 1.7

url:http://www.vupen.com/english/advisories/2007/2583

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/35513

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4017

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4017

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2007/2583

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/35513

Trust: 0.6

url:http://support.citrix.com/article/ctx113814

Trust: 0.4

url:http://support.citrix.com/article/ctx113815

Trust: 0.4

url:http://support.citrix.com/article/ctx113816

Trust: 0.4

url:/archive/1/482626

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/6168/

Trust: 0.1

url:http://secunia.com/network_software_inspector/

Trust: 0.1

url:http://secunia.com/advisories/26143/

Trust: 0.1

url:http://support.citrix.com/article/ctx112803

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-27379 // BID: 24975 // JVNDB: JVNDB-2007-002414 // PACKETSTORM: 57912 // CNNVD: CNNVD-200707-441 // NVD: CVE-2007-4017

CREDITS

Martin O'Neal, Paul Johnston

Trust: 0.6

sources: CNNVD: CNNVD-200707-441

SOURCES

db: VULHUB, id: VHN-27379
db: BID, id: 24975
db: JVNDB, id: JVNDB-2007-002414
db: PACKETSTORM, id: 57912
db: CNNVD, id: CNNVD-200707-441
db: NVD, id: CVE-2007-4017

LAST UPDATE DATE

2025-04-10T23:13:15.763000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-27379, date: 2017-07-29T00:00:00
db: BID, id: 24975, date: 2016-07-05T22:00:00
db: JVNDB, id: JVNDB-2007-002414, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200707-441, date: 2007-07-30T00:00:00
db: NVD, id: CVE-2007-4017, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-27379, date: 2007-07-26T00:00:00
db: BID, id: 24975, date: 2007-07-19T00:00:00
db: JVNDB, id: JVNDB-2007-002414, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 57912, date: 2007-07-21T02:11:22
db: CNNVD, id: CNNVD-200707-441, date: 2007-07-25T00:00:00
db: NVD, id: CVE-2007-4017, date: 2007-07-26T01:30:00