ID

VAR-200906-0241


CVE

CVE-2009-2213


TITLE

Citrix NetScaler Access Gateway appliance: vulnerability allowing bypass of access restrictions in the default Security global settings

Trust: 0.8

sources: JVNDB: JVNDB-2009-003549

DESCRIPTION

The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions. Citrix NetScaler Access Gateway is prone to a vulnerability that can allow an attacker to gain unauthorized access to network resources, which may help in other attacks. This issue affects NetScaler Access Gateway Enterprise Edition with firmware 8.1 and earlier. NOTE: Appliances running version 9.0 that were upgraded from a previous version are also affected.

Trust: 1.98

sources: NVD: CVE-2009-2213 // JVNDB: JVNDB-2009-003549 // BID: 35422 // VULHUB: VHN-39659

AFFECTED PRODUCTS

vendor: citrix // model: netscaler access gateway // scope: eq // version: 8.0

Trust: 1.6

vendor: citrix // model: netscaler access gateway // scope: eq // version: 9.0

Trust: 1.6

vendor: citrix // model: netscaler access gateway // scope: eq // version: 7.0

Trust: 1.6

vendor: citrix // model: netscaler access gateway // scope: lte // version: 8.1

Trust: 1.0

vendor: citrix // model: netscaler access gateway // scope: eq // version: -

Trust: 1.0

vendor: シトリックス システムズ // model: netscaler access gateway // scope: - // version: -

Trust: 0.8

vendor: シトリックス システムズ // model: netscaler gateway // scope: eq // version: -

Trust: 0.8

vendor: citrix // model: netscaler access gateway // scope: eq // version: 8.1

Trust: 0.6

vendor: citrix // model: netscaler access gateway enterprise edition // scope: eq // version: 8.1

Trust: 0.3

sources: BID: 35422 // JVNDB: JVNDB-2009-003549 // CNNVD: CNNVD-200906-402 // NVD: CVE-2009-2213

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2213
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-2213
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200906-402
value: MEDIUM

Trust: 0.6

VULHUB: VHN-39659
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-2213
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-39659
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2009-2213
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2009-2213
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-39659 // JVNDB: JVNDB-2009-003549 // CNNVD: CNNVD-200906-402 // NVD: CVE-2009-2213

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.0

problemtype:Illegal authentication (CWE-863) [NVD evaluation]

Trust: 0.8

problemtype:CWE-16

Trust: 0.1

sources: VULHUB: VHN-39659 // JVNDB: JVNDB-2009-003549 // NVD: CVE-2009-2213

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200906-402

TYPE

Configuration Error

Trust: 0.9

sources: BID: 35422 // CNNVD: CNNVD-200906-402

PATCH

title: CTX118770 // url: http://support.citrix.com/article/CTX118770

Trust: 0.8

sources: JVNDB: JVNDB-2009-003549

EXTERNAL IDS

db: NVD // id: CVE-2009-2213

Trust: 3.3

db: BID // id: 35422

Trust: 2.0

db: VUPEN // id: ADV-2009-1641

Trust: 1.7

db: JVNDB // id: JVNDB-2009-003549

Trust: 0.8

db: XF // id: 51274

Trust: 0.6

db: CNNVD // id: CNNVD-200906-402

Trust: 0.6

db: VULHUB // id: VHN-39659

Trust: 0.1

sources: VULHUB: VHN-39659 // BID: 35422 // JVNDB: JVNDB-2009-003549 // CNNVD: CNNVD-200906-402 // NVD: CVE-2009-2213

REFERENCES

url:http://support.citrix.com/article/ctx118770

Trust: 2.0

url:http://www.securityfocus.com/bid/35422

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/1641

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/51274

Trust: 1.1

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2213

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/51274

Trust: 0.6

url:http://www.citrix.com/english/ps2/products/product.asp?contentid=21679

Trust: 0.3

sources: VULHUB: VHN-39659 // BID: 35422 // JVNDB: JVNDB-2009-003549 // CNNVD: CNNVD-200906-402 // NVD: CVE-2009-2213

CREDITS

Security Assurance Team of the National Australia Bank

Trust: 0.3

sources: BID: 35422

SOURCES

db: VULHUB // id: VHN-39659
db: BID // id: 35422
db: JVNDB // id: JVNDB-2009-003549
db: CNNVD // id: CNNVD-200906-402
db: NVD // id: CVE-2009-2213

LAST UPDATE DATE

2024-11-23T22:43:02.987000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-39659 // date: 2017-08-17T00:00:00
db: BID // id: 35422 // date: 2009-06-18T14:09:00
db: JVNDB // id: JVNDB-2009-003549 // date: 2024-02-21T05:45:00
db: CNNVD // id: CNNVD-200906-402 // date: 2009-06-30T00:00:00
db: NVD // id: CVE-2009-2213 // date: 2024-11-21T01:04:24.067

SOURCES RELEASE DATE

db: VULHUB // id: VHN-39659 // date: 2009-06-25T00:00:00
db: BID // id: 35422 // date: 2009-05-05T00:00:00
db: JVNDB // id: JVNDB-2009-003549 // date: 2012-06-26T00:00:00
db: CNNVD // id: CNNVD-200906-402 // date: 2009-06-25T00:00:00
db: NVD // id: CVE-2009-2213 // date: 2009-06-25T23:14:15.657