Sign-up

ID

VAR-200806-0133


CVE

CVE-2008-2528


TITLE

Citrix Access Gateway Standard Edition and Advanced Edition Network resource access vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2008-003121

DESCRIPTION

Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors. ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta The Public Beta has ended. Thanks to all that participated. 4.5.7 Rev A: http://support.citrix.com/article/CTX116762 4.5.5, 4.5.6 and 4.5.7 patch: http://support.citrix.com/article/CTX117001 * may cause custom software configurations to become non-functional PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Citrix (CTX116930): http://support.citrix.com/article/CTX116930 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-2528 // JVNDB: JVNDB-2008-003121 // BID: 29174 // VULHUB: VHN-32653 // PACKETSTORM: 66341

AFFECTED PRODUCTS

vendor:citrixmodel:access gatewayscope:eqversion:4.5.6

Trust: 1.6

vendor:citrixmodel:access gatewayscope:eqversion:4.5.5

Trust: 1.6

vendor:citrixmodel:access gatewayscope:lteversion:4.5

Trust: 1.0

vendor:citrixmodel:access gatewayscope:lteversion:4.5.7

Trust: 1.0

vendor:citrixmodel:access gatewayscope:lteversion:standard edition 4.5.7

Trust: 0.8

vendor:citrixmodel:access gatewayscope:lteversion:advanced edition 4.5 hf2

Trust: 0.8

vendor:citrixmodel:access gatewayscope:eqversion:4.5.7

Trust: 0.6

vendor:citrixmodel:access gatewayscope:eqversion:4.5

Trust: 0.6

vendor:citrixmodel:access gateway standard editionscope:eqversion:4.5.7

Trust: 0.3

vendor:citrixmodel:access gateway standard editionscope:eqversion:4.5.6

Trust: 0.3

vendor:citrixmodel:access gateway standard editionscope:eqversion:4.5.5

Trust: 0.3

vendor:citrixmodel:access gateway standard editionscope:eqversion:4.5

Trust: 0.3

vendor:citrixmodel:access gateway advanced edition hf2scope:eqversion:4.5

Trust: 0.3

vendor:citrixmodel:access gateway standard edition rev ascope:neversion:4.5.7

Trust: 0.3

sources: BID: 29174 // JVNDB: JVNDB-2008-003121 // CNNVD: CNNVD-200806-043 // NVD: CVE-2008-2528

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-2528
value: HIGH

Trust: 1.0

NVD: CVE-2008-2528
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200806-043
value: CRITICAL

Trust: 0.6

VULHUB: VHN-32653
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-2528
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-32653
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-32653 // JVNDB: JVNDB-2008-003121 // CNNVD: CNNVD-200806-043 // NVD: CVE-2008-2528

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-32653 // JVNDB: JVNDB-2008-003121 // NVD: CVE-2008-2528

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200806-043

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200806-043

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-003121

PATCH
title:CTX116930url:http://support.citrix.com/article/CTX116930
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-003121

EXTERNAL IDS
db:NVDid:CVE-2008-2528
Trust: 2.8
db:BIDid:29174
Trust: 2.0
db:SECUNIAid:30175
Trust: 1.8
db:VUPENid:ADV-2008-1474
Trust: 1.7
db:SECTRACKid:1020025
Trust: 1.7
db:JVNDBid:JVNDB-2008-003121
Trust: 0.8
db:XFid:42356
Trust: 0.6
db:CNNVDid:CNNVD-200806-043
Trust: 0.6
db:VULHUBid:VHN-32653
Trust: 0.1
db:PACKETSTORMid:66341
Trust: 0.1
sources:
            
            
            VULHUB: VHN-32653 // 
            
            
            
            BID: 29174 // 
            
            
            
            JVNDB: JVNDB-2008-003121 // 
            
            
            
            PACKETSTORM: 66341 // 
            
            
            
            CNNVD: CNNVD-200806-043 // 
            
            
            
            NVD: CVE-2008-2528

REFERENCES
url:http://support.citrix.com/article/ctx116930
Trust: 2.1
url:http://www.securityfocus.com/bid/29174
Trust: 1.7
url:http://www.securitytracker.com/id?1020025
Trust: 1.7
url:http://secunia.com/advisories/30175
Trust: 1.7
url:http://www.vupen.com/english/advisories/2008/1474/references
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/42356
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2528
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2528
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/42356
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2008/1474/references
Trust: 0.6
url:http://www.citrix.com
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://support.citrix.com/article/ctx117001
Trust: 0.1
url:http://secunia.com/product/6168/
Trust: 0.1
url:http://secunia.com/network_software_inspector_2/
Trust: 0.1
url:http://support.citrix.com/article/ctx116762
Trust: 0.1
url:http://secunia.com/advisories/30175/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-32653 // 
            
            
            
            BID: 29174 // 
            
            
            
            JVNDB: JVNDB-2008-003121 // 
            
            
            
            PACKETSTORM: 66341 // 
            
            
            
            CNNVD: CNNVD-200806-043 // 
            
            
            
            NVD: CVE-2008-2528

CREDITS
Citrix
Trust: 0.9
sources:
            
            
            BID: 29174 // 
            
            
            
            CNNVD: CNNVD-200806-043

SOURCES
db:VULHUBid:VHN-32653
db:BIDid:29174
db:JVNDBid:JVNDB-2008-003121
db:PACKETSTORMid:66341
db:CNNVDid:CNNVD-200806-043
db:NVDid:CVE-2008-2528

LAST UPDATE DATE
2025-04-10T23:15:43.341000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-32653date:2017-08-08T00:00:00
db:BIDid:29174date:2015-05-07T17:28:00
db:JVNDBid:JVNDB-2008-003121date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200806-043date:2009-04-01T00:00:00
db:NVDid:CVE-2008-2528date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-32653date:2008-06-03T00:00:00
db:BIDid:29174date:2008-05-09T00:00:00
db:JVNDBid:JVNDB-2008-003121date:2012-06-26T00:00:00
db:PACKETSTORMid:66341date:2008-05-15T04:56:37
db:CNNVDid:CNNVD-200806-043date:2008-06-03T00:00:00
db:NVDid:CVE-2008-2528date:2008-06-03T15:32:00