PT-2016-2698 · Citrix · Citrix Netscaler Application Delivery Controller+1

Publicado

2016-02-17

·

Atualizado

2016-12-03

·

CVE-2016-2071

CVSS v3.1

10

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 11.x before 11.0 Build 64.34 Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.5 before 10.5 Build 59.13 Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.5.e before Build 59.1305.e
Description The issue is related to insufficient access control in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway, allowing remote attackers to gain privileges via unspecified NS Web GUI commands. This can enable a remote attacker to elevate their privileges.
Recommendations For versions 11.x before 11.0 Build 64.34, update to Build 64.34 or later. For versions 10.5 before 10.5 Build 59.13, update to Build 59.13 or later. For versions 10.5.e before Build 59.1305.e, update to Build 59.1305.e or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

BDU:2016-02090
CVE-2016-2071

Produtos afetados

Citrix Netscaler Application Delivery Controller
Netscaler Gateway