PT-2017-3004 · Citrix · Citrix Netscaler Gateway+1
Published: 2017-09-25 · Updated: 2019-10-03 · CVE-2017-14602
CVSS v2.0: 9.0 (High)
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Citrix NetScaler Application Delivery Controller versions 10.1 before build 135.18
Citrix NetScaler Application Delivery Controller versions 10.5 before build 66.9
Citrix NetScaler Application Delivery Controller versions 10.5e before build 60.7010.e
Citrix NetScaler Application Delivery Controller versions 11.0 before build 70.16
Citrix NetScaler Application Delivery Controller versions 11.1 before build 55.13
Citrix NetScaler Application Delivery Controller versions 12.0 before build 53.13, excluding build 41.24
Citrix NetScaler Gateway versions 10.1 before build 135.18
Citrix NetScaler Gateway versions 10.5 before build 66.9
Citrix NetScaler Gateway versions 10.5e before build 60.7010.e
Citrix NetScaler Gateway versions 11.0 before build 70.16
Citrix NetScaler Gateway versions 11.1 before build 55.13
Citrix NetScaler Gateway versions 12.0 before build 53.13, excluding build 41.24
Description
The issue is related to insufficient access restrictions in the management interface of Citrix NetScaler Application Delivery Controller and NetScaler Gateway, which could allow a remote attacker to gain administrative access to the device.
Recommendations
For Citrix NetScaler Application Delivery Controller version 10.1, update to build 135.18 or later.
For Citrix NetScaler Application Delivery Controller version 10.5, update to build 66.9 or later.
For Citrix NetScaler Application Delivery Controller version 10.5e, update to build 60.7010.e or later.
For Citrix NetScaler Application Delivery Controller version 11.0, update to build 70.16 or later.
For Citrix NetScaler Application Delivery Controller version 11.1, update to build 55.13 or later.
For Citrix NetScaler Application Delivery Controller version 12.0, update to build 53.13 or later, excluding build 41.24.
For Citrix NetScaler Gateway version 10.1, update to build 135.18 or later.
For Citrix NetScaler Gateway version 10.5, update to build 66.9 or later.
For Citrix NetScaler Gateway version 10.5e, update to build 60.7010.e or later.
For Citrix NetScaler Gateway version 11.0, update to build 70.16 or later.
For Citrix NetScaler Gateway version 11.1, update to build 55.13 or later.
For Citrix NetScaler Gateway version 12.0, update to build 53.13 or later, excluding build 41.24.
Fix
Improper Authentication
Affected Products
Citrix Netscaler Application Delivery Controller
Citrix Netscaler Gateway