Vulnerability CVE-2010-4566


Published: 2011-01-14   Modified: 2012-02-13

Description:
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.

See advisories in our WLB2 database:
Risk | Topic | Author | Date
Low | Citrix Access Gateway Command Injection Vulnerability | George D. Gal | 29.12.2010
High | Citrix Access Gateway Command Execution | metasploit | 07.03.2011

Type: CWE-noinfo

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software: Citrix -> Access gateway

References:
http://www.vsecurity.com/resources/advisory/20101221-1
http://www.securitytracker.com/id?1024893
http://www.osvdb.org/70099
http://www.exploit-db.com/exploits/16916
http://support.citrix.com/article/CTX127613
http://securityreason.com/securityalert/8119

Copyright 2024, cxsecurity.com

 
