PT-2009-4662 · Citrix · Citrix Netscaler Access Gateway
Published: 2009-06-25 · Updated: 2024-01-09 · CVE-2009-2213
CVSS v2.0: 6.3 (Medium)
Vector: AV:N/AC:M/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware versions 9.0, 8.1, and earlier
Description
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
Recommendations
For versions 9.0, 8.1, and earlier, change the Default Authorization Action option from Allow to a more restrictive setting to prevent bypassing of intended access restrictions.
As a temporary workaround, consider restricting access to sensitive resources until the configuration is updated.
Weakness Enumeration
Incorrect Authorization
Affected Products
Citrix Netscaler Access Gateway