George D. Gal

**Name of the Vulnerable Software and Affected Versions** Citrix Access Gateway Enterprise Edition versions 9.2 through 9.2-49.8 Citrix Access Gateway Standard and Advanced Editions versions prior to 5.0 **Description** The issue allows attackers to execute arbitrary commands via shell metacharacters in the `password` field of the web authentication form in the NT4 authentication component. **Recommendations** For Citrix Access Gateway Enterprise Edition versions 9.2 through 9.2-49.8, update to a version later than 9.2-49.8. For Citrix Access Gateway Standard and Advanced Editions versions prior to 5.0, update to version 5.0 or later. As a temporary workaround, consider restricting access to the web authentication form to minimize the risk of exploitation.