PT-2016-2698 · Citrix · Citrix Netscaler Application Delivery Controller+1

Published

2016-02-17

·

Updated

2016-12-03

·

CVE-2016-2071

CVSS v3.1

10

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 11.x before 11.0 Build 64.34 Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.5 before 10.5 Build 59.13 Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.5.e before Build 59.1305.e
Description The issue is related to insufficient access control in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway, allowing remote attackers to gain privileges via unspecified NS Web GUI commands. This can enable a remote attacker to elevate their privileges.
Recommendations For versions 11.x before 11.0 Build 64.34, update to Build 64.34 or later. For versions 10.5 before 10.5 Build 59.13, update to Build 59.13 or later. For versions 10.5.e before Build 59.1305.e, update to Build 59.1305.e or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2016-02090
CVE-2016-2071

Affected Products

Citrix Netscaler Application Delivery Controller
Netscaler Gateway