Details of VAR-201101-0018

ID

VAR-201101-0018

CVE

CVE-2010-4566

TITLE

Citrix Access Gateway of Web An arbitrary command execution vulnerability in the authentication form

Trust: 0.8

sources: JVNDB: JVNDB-2010-003517

DESCRIPTION

The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field. Citrix Access Gateway is a universal SSL VPN device. A remote attacker can inject arbitrary commands and execute with \"root\" user rights. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Citrix Access Gateway Legacy Authentication Command Injection Vulnerability SECUNIA ADVISORY ID: SA42638 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42638/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42638 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42638/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42638/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42638 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to compromise a vulnerable system. Migrate to a different authentication method. PROVIDED AND/OR DISCOVERED BY: George D. Gal, VSR ORIGINAL ADVISORY: Citrix CTX127613: http://support.citrix.com/article/CTX127613 VSR: http://www.vsecurity.com/resources/advisory/20101221-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.61

sources: NVD: CVE-2010-4566 // JVNDB: JVNDB-2010-003517 // CNVD: CNVD-2010-3255 // BID: 45402 // VULHUB: VHN-47171 // PACKETSTORM: 96961

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-3255

AFFECTED PRODUCTS

vendor:	citrix	model:	access gateway	scope:	eq	version:	4.5.6	Trust: 1.6
vendor:	citrix	model:	access gateway	scope:	eq	version:	4.6.3	Trust: 1.6
vendor:	citrix	model:	access gateway	scope:	eq	version:	4.5	Trust: 1.6
vendor:	citrix	model:	access gateway	scope:	eq	version:	4.6.2	Trust: 1.6
vendor:	citrix	model:	access gateway	scope:	eq	version:	4.6.1	Trust: 1.6
vendor:	citrix	model:	access gateway	scope:	eq	version:	4.5.7	Trust: 1.6
vendor:	citrix	model:	access gateway	scope:	eq	version:	4.5.5	Trust: 1.6
vendor:	citrix	model:	access gateway	scope:	eq	version:	9.1-104.5	Trust: 1.0
vendor:	citrix	model:	access gateway	scope:	lte	version:	9.2-49.8	Trust: 1.0
vendor:	citrix	model:	access gateway	scope:	eq	version:	9.0.71.3	Trust: 1.0
vendor:	citrix	model:	access gateway	scope:	eq	version:	8.0	Trust: 1.0
vendor:	citrix	model:	access gateway	scope:	eq	version:	.8.0	Trust: 1.0
vendor:	citrix	model:	access gateway	scope:	eq	version:	8.1-69.4	Trust: 1.0
vendor:	citrix	model:	access gateway vpx	scope:	eq	version:	4.6	Trust: 0.9
vendor:	citrix	model:	access gateway	scope:	lte	version:	enterprise 9.2-49.8	Trust: 0.8
vendor:	citrix	model:	access gateway	scope:	lt	version:	standard and advanced 5.0	Trust: 0.8
vendor:	citrix	model:	access gateway gateway standard edition	scope:	eq	version:	4.5	Trust: 0.6
vendor:	citrix	model:	access gateway gateway standard edition	scope:	eq	version:	4.6	Trust: 0.6
vendor:	citrix	model:	access gateway gateway enterprise edition	scope:	eq	version:	8.0	Trust: 0.6
vendor:	citrix	model:	access gateway gateway enterprise edition	scope:	eq	version:	8.1	Trust: 0.6
vendor:	citrix	model:	access gateway gateway enterprise edition	scope:	eq	version:	9.0	Trust: 0.6
vendor:	citrix	model:	access gateway gateway enterprise edition	scope:	eq	version:	9.1	Trust: 0.6
vendor:	citrix	model:	access gateway gateway enterprise edition	scope:	eq	version:	9.2	Trust: 0.6
vendor:	citrix	model:	access gateway gateway advanced edition	scope:	eq	version:	4.5	Trust: 0.6
vendor:	citrix	model:	access gateway gateway advanced edition	scope:	eq	version:	4.6	Trust: 0.6
vendor:	citrix	model:	access gateway standard edition	scope:	eq	version:	4.6	Trust: 0.3
vendor:	citrix	model:	access gateway standard edition	scope:	eq	version:	4.5	Trust: 0.3
vendor:	citrix	model:	access gateway enterprise edition	scope:	eq	version:	9.2	Trust: 0.3
vendor:	citrix	model:	access gateway enterprise edition	scope:	eq	version:	9.1	Trust: 0.3
vendor:	citrix	model:	access gateway enterprise edition	scope:	eq	version:	9.0	Trust: 0.3
vendor:	citrix	model:	access gateway enterprise edition	scope:	eq	version:	8.1	Trust: 0.3
vendor:	citrix	model:	access gateway enterprise edition	scope:	eq	version:	8.0	Trust: 0.3
vendor:	citrix	model:	access gateway advanced edition	scope:	eq	version:	4.6	Trust: 0.3
vendor:	citrix	model:	access gateway advanced edition	scope:	eq	version:	4.5	Trust: 0.3

sources: CNVD: CNVD-2010-3255 // BID: 45402 // JVNDB: JVNDB-2010-003517 // CNNVD: CNNVD-201101-163 // NVD: CVE-2010-4566

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-4566
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-4566
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201101-163
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-47171
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-4566
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-47171
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-47171 // JVNDB: JVNDB-2010-003517 // CNNVD: CNNVD-201101-163 // NVD: CVE-2010-4566

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2010-4566

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201101-163

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201101-163

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-003517

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-47171

PATCH

title:	CTX127613	url:	http://support.citrix.com/article/CTX127613	Trust: 0.8
title:	Citrix Access Gateway does not specify a patch to inject the vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/2127	Trust: 0.6

sources: CNVD: CNVD-2010-3255 // JVNDB: JVNDB-2010-003517

EXTERNAL IDS

db:	NVD	id:	CVE-2010-4566	Trust: 2.8
db:	EXPLOIT-DB	id:	16916	Trust: 1.1
db:	SREASON	id:	8119	Trust: 1.1
db:	SECTRACK	id:	1024893	Trust: 1.1
db:	OSVDB	id:	70099	Trust: 1.1
db:	BID	id:	45402	Trust: 1.0
db:	JVNDB	id:	JVNDB-2010-003517	Trust: 0.8
db:	SECUNIA	id:	42638	Trust: 0.7
db:	CNNVD	id:	CNNVD-201101-163	Trust: 0.7
db:	CNVD	id:	CNVD-2010-3255	Trust: 0.6
db:	NSFOCUS	id:	16191	Trust: 0.6
db:	EXPLOIT-DB	id:	15806	Trust: 0.1
db:	PACKETSTORM	id:	96880	Trust: 0.1
db:	PACKETSTORM	id:	98909	Trust: 0.1
db:	SEEBUG	id:	SSVID-71409	Trust: 0.1
db:	VULHUB	id:	VHN-47171	Trust: 0.1
db:	PACKETSTORM	id:	96961	Trust: 0.1

sources: CNVD: CNVD-2010-3255 // VULHUB: VHN-47171 // BID: 45402 // JVNDB: JVNDB-2010-003517 // PACKETSTORM: 96961 // CNNVD: CNNVD-201101-163 // NVD: CVE-2010-4566

REFERENCES

url:	http://support.citrix.com/article/ctx127613	Trust: 2.1
url:	http://www.exploit-db.com/exploits/16916	Trust: 1.1
url:	http://www.vsecurity.com/resources/advisory/20101221-1	Trust: 1.1
url:	http://www.osvdb.org/70099	Trust: 1.1
url:	http://www.securitytracker.com/id?1024893	Trust: 1.1
url:	http://securityreason.com/securityalert/8119	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4566	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4566	Trust: 0.8
url:	http://secunia.com/advisories/42638/	Trust: 0.7
url:	http://www.nsfocus.net/vulndb/16191	Trust: 0.6
url:	http://www.vsecurity.com/resources/advisory/20101221-1/	Trust: 0.4
url:	http://secunia.com/advisories/42638/#comments	Trust: 0.1
url:	http://secunia.com/products/corporate/evm/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/products/corporate/vim/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=42638	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2010-3255 // VULHUB: VHN-47171 // BID: 45402 // JVNDB: JVNDB-2010-003517 // PACKETSTORM: 96961 // CNNVD: CNNVD-201101-163 // NVD: CVE-2010-4566

CREDITS

George D. Gal <ggal {at} vsecurity.com>

Trust: 0.3

sources: BID: 45402

SOURCES

db:	CNVD	id:	CNVD-2010-3255
db:	VULHUB	id:	VHN-47171
db:	BID	id:	45402
db:	JVNDB	id:	JVNDB-2010-003517
db:	PACKETSTORM	id:	96961
db:	CNNVD	id:	CNNVD-201101-163
db:	NVD	id:	CVE-2010-4566

LAST UPDATE DATE

2025-04-11T23:12:11.613000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-3255	date:	2010-12-16T00:00:00
db:	VULHUB	id:	VHN-47171	date:	2011-09-22T00:00:00
db:	BID	id:	45402	date:	2015-03-19T09:25:00
db:	JVNDB	id:	JVNDB-2010-003517	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201101-163	date:	2011-07-06T00:00:00
db:	NVD	id:	CVE-2010-4566	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-3255	date:	2010-12-16T00:00:00
db:	VULHUB	id:	VHN-47171	date:	2011-01-14T00:00:00
db:	BID	id:	45402	date:	2010-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2010-003517	date:	2012-03-27T00:00:00
db:	PACKETSTORM	id:	96961	date:	2010-12-25T08:42:59
db:	CNNVD	id:	CNNVD-201101-163	date:	2011-01-17T00:00:00
db:	NVD	id:	CVE-2010-4566	date:	2011-01-14T23:00:47.207