ID

VAR-200612-0113


CVE

CVE-2006-6572


TITLE

Citrix AAC Option and Access Gateway with Advanced Access Control vulnerabilities that allow access policy bypass

Trust: 0.8

sources: JVNDB: JVNDB-2006-001757

DESCRIPTION

Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a different issue than CVE-2006-4846. NOTE: some of these details are obtained from third party information. Citrix Access Gateway is prone to multiple vulnerabilities. Exploiting these issues may allow attackers to gain unauthorized access to certain resources. This BID will be updated when more details become available.

SOLUTION: Apply hotfix AACE400W004: http://support.citrix.com/article/CTX110293

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: Citrix: http://support.citrix.com/article/CTX111614 http://support.citrix.com/article/CTX111615

Trust: 2.07

sources: NVD: CVE-2006-6572 // JVNDB: JVNDB-2006-001757 // BID: 21080 // VULHUB: VHN-22680 // PACKETSTORM: 52117

AFFECTED PRODUCTS

vendor: citrix, model: access gateway, scope: eq, version: 4.2

Trust: 2.4

vendor: citrix, model: access gateway, scope: eq, version: 4.0

Trust: 1.6

vendor: citrix, model: access gateway aac, scope: eq, version: 4.0

Trust: 0.3

vendor: citrix, model: access gateway aac, scope: eq, version: 4.2

Trust: 0.3

sources: BID: 21080 // JVNDB: JVNDB-2006-001757 // CNNVD: CNNVD-200612-363 // NVD: CVE-2006-6572

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-6572
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-6572
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200612-363
value: MEDIUM

Trust: 0.6

VULHUB: VHN-22680
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-6572
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-22680
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-22680 // JVNDB: JVNDB-2006-001757 // CNNVD: CNNVD-200612-363 // NVD: CVE-2006-6572

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6572

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200612-363

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200612-363

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001757

PATCH

title: CTX111615, url: http://support.citrix.com/article/CTX111615

Trust: 0.8

sources: JVNDB: JVNDB-2006-001757

EXTERNAL IDS

db: NVD, id: CVE-2006-6572

Trust: 2.8

db: BID, id: 21080

Trust: 2.0

db: SECUNIA, id: 22909

Trust: 1.8

db: VUPEN, id: ADV-2006-4525

Trust: 1.7

db: SECTRACK, id: 1017227

Trust: 1.7

db: JVNDB, id: JVNDB-2006-001757

Trust: 0.8

db: CNNVD, id: CNNVD-200612-363

Trust: 0.7

db: XF, id: 30303

Trust: 0.6

db: XF, id: 30302

Trust: 0.6

db: VULHUB, id: VHN-22680

Trust: 0.1

db: PACKETSTORM, id: 52117

Trust: 0.1

sources: VULHUB: VHN-22680 // BID: 21080 // JVNDB: JVNDB-2006-001757 // PACKETSTORM: 52117 // CNNVD: CNNVD-200612-363 // NVD: CVE-2006-6572

REFERENCES

url:http://support.citrix.com/article/ctx111614

Trust: 2.1

url:http://support.citrix.com/article/ctx111615

Trust: 2.1

url:http://www.securityfocus.com/bid/21080

Trust: 1.7

url:http://securitytracker.com/id?1017227

Trust: 1.7

url:http://secunia.com/advisories/22909

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/4525

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/30303

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/30302

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6572

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6572

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/30303

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/30302

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/4525

Trust: 0.6

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/22909/

Trust: 0.1

url:http://secunia.com/product/6168/

Trust: 0.1

url:http://corporate.secunia.com/products/48/?r=l

Trust: 0.1

url:http://support.citrix.com/article/ctx110293

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://corporate.secunia.com/how_to_buy/15/?r=l

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-22680 // BID: 21080 // JVNDB: JVNDB-2006-001757 // PACKETSTORM: 52117 // CNNVD: CNNVD-200612-363 // NVD: CVE-2006-6572

CREDITS

Citrix

Trust: 0.6

sources: CNNVD: CNNVD-200612-363

SOURCES

db: VULHUB, id: VHN-22680
db: BID, id: 21080
db: JVNDB, id: JVNDB-2006-001757
db: PACKETSTORM, id: 52117
db: CNNVD, id: CNNVD-200612-363
db: NVD, id: CVE-2006-6572

LAST UPDATE DATE

2024-08-14T14:22:34.916000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-22680, date: 2017-07-29T00:00:00
db: BID, id: 21080, date: 2016-07-06T14:40:00
db: JVNDB, id: JVNDB-2006-001757, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200612-363, date: 2006-12-18T00:00:00
db: NVD, id: CVE-2006-6572, date: 2017-07-29T01:29:36.780

SOURCES RELEASE DATE

db: VULHUB, id: VHN-22680, date: 2006-12-15T00:00:00
db: BID, id: 21080, date: 2006-11-14T00:00:00
db: JVNDB, id: JVNDB-2006-001757, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 52117, date: 2006-11-16T03:19:38
db: CNNVD, id: CNNVD-200612-363, date: 2006-12-15T00:00:00
db: NVD, id: CVE-2006-6572, date: 2006-12-15T11:28:00