CVE-2010-4566

Name of the Vulnerable Software and Affected Versions Citrix Access Gateway Enterprise Edition versions 9.2 through 9.2-49.8 Citrix Access Gateway Standard and Advanced Editions versions prior to 5.0

Description The issue allows attackers to execute arbitrary commands via shell metacharacters in the password field of the web authentication form in the NT4 authentication component.

Recommendations For Citrix Access Gateway Enterprise Edition versions 9.2 through 9.2-49.8, update to a version later than 9.2-49.8. For Citrix Access Gateway Standard and Advanced Editions versions prior to 5.0, update to version 5.0 or later. As a temporary workaround, consider restricting access to the web authentication form to minimize the risk of exploitation.