Details of VAR-201304-0403

ID

VAR-201304-0403

CVE

CVE-2013-2767

TITLE

Citrix NetScaler and Access Gateway Enterprise Edition unauthorized access to network resources vulnerability

Trust: 0.8

sources: CERT/CC: VU#521612

DESCRIPTION

Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended intranet access restrictions via unknown vectors. This may aid in further attacks

Trust: 3.24

sources: NVD: CVE-2013-2767 // CERT/CC: VU#521612 // JVNDB: JVNDB-2013-002478 // CNVD: CNVD-2013-04456 // BID: 59491 // VULHUB: VHN-62769

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-04456

AFFECTED PRODUCTS

vendor:	citrix	model:	netscaler access gateway	scope:	eq	version:	10.0	Trust: 1.6
vendor:	citrix	model:	netscaler access gateway	scope:	eq	version:	9.2	Trust: 1.6
vendor:	citrix	model:	netscaler access gateway	scope:	eq	version:	9.3	Trust: 1.6
vendor:	citrix	model:	netscaler access gateway	scope:	eq	version:	10.0.74.4	Trust: 1.6
vendor:	citrix	model:	netscaler access gateway	scope:	eq	version:	9.1	Trust: 1.6
vendor:	citrix	model:	netscaler access gateway	scope:	lte	version:	9.3.61.5	Trust: 1.0
vendor:	citrix	model:	netscaler access gateway	scope:	eq	version:	-	Trust: 1.0
vendor:	citrix	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	-	version:	-	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	lte	version:	version 10.0.74.4 10.0 system	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	lte	version:	version 9.3.61.5	Trust: 0.8
vendor:	citrix	model:	netscaler access gateway enterprise	scope:	eq	version:	9.3.61.5	Trust: 0.6
vendor:	citrix	model:	netscaler access gateway	scope:	eq	version:	9.3.61.5	Trust: 0.6

sources: CERT/CC: VU#521612 // CNVD: CNVD-2013-04456 // JVNDB: JVNDB-2013-002478 // CNNVD: CNNVD-201304-547 // NVD: CVE-2013-2767

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2013-2767
value:	MEDIUM
Trust: 1.6
nvd@nist.gov:	CVE-2013-2767
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2013-04456
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201304-547
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-62769
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-2767
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
NVD:	CVE-2013-2767
severity:	MEDIUM
baseScore:	5.4
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2013-04456
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-62769
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#521612 // CNVD: CNVD-2013-04456 // VULHUB: VHN-62769 // JVNDB: JVNDB-2013-002478 // CNNVD: CNNVD-201304-547 // NVD: CVE-2013-2767

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-2767

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-547

TYPE

Design Error

Trust: 0.3

sources: BID: 59491

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002478

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#521612

PATCH

title:	Vulnerability in Citrix NetScaler Access Gateway Enterprise Edition Could Result in Unauthorized Access to Network Resources (CTX137238)	url:	http://support.citrix.com/article/ctx137238	Trust: 0.8
title:	NetScaler ADC - Firmware	url:	https://www.citrix.com/downloads/netscaler-adc/firmware.html	Trust: 0.8
title:	Citrix NetScaler and Access Gateway are not authorized to access vulnerable patches	url:	https://www.cnvd.org.cn/patchInfo/show/33692	Trust: 0.6

sources: CNVD: CNVD-2013-04456 // JVNDB: JVNDB-2013-002478

EXTERNAL IDS

db:	CERT/CC	id:	VU#521612	Trust: 4.2
db:	NVD	id:	CVE-2013-2767	Trust: 3.4
db:	BID	id:	59491	Trust: 1.0
db:	JVN	id:	JVNVU95943552	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-002478	Trust: 0.8
db:	CNVD	id:	CNVD-2013-04456	Trust: 0.6
db:	CNNVD	id:	CNNVD-201304-547	Trust: 0.6
db:	VULHUB	id:	VHN-62769	Trust: 0.1

sources: CERT/CC: VU#521612 // CNVD: CNVD-2013-04456 // VULHUB: VHN-62769 // BID: 59491 // JVNDB: JVNDB-2013-002478 // CNNVD: CNNVD-201304-547 // NVD: CVE-2013-2767

REFERENCES

url:	http://support.citrix.com/article/ctx137238	Trust: 3.6
url:	http://www.kb.cert.org/vuls/id/521612	Trust: 3.4
url:	https://www.citrix.com/downloads/netscaler-adc/firmware.html	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2767	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu95943552/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2767	Trust: 0.8
url:	http://www.citrix.com	Trust: 0.3

sources: CERT/CC: VU#521612 // CNVD: CNVD-2013-04456 // VULHUB: VHN-62769 // BID: 59491 // JVNDB: JVNDB-2013-002478 // CNNVD: CNNVD-201304-547 // NVD: CVE-2013-2767

CREDITS

HyeongKwan Lee of SK

Trust: 0.3

sources: BID: 59491

SOURCES

db:	CERT/CC	id:	VU#521612
db:	CNVD	id:	CNVD-2013-04456
db:	VULHUB	id:	VHN-62769
db:	BID	id:	59491
db:	JVNDB	id:	JVNDB-2013-002478
db:	CNNVD	id:	CNNVD-201304-547
db:	NVD	id:	CVE-2013-2767

LAST UPDATE DATE

2024-11-23T23:12:49.571000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#521612	date:	2013-04-25T00:00:00
db:	CNVD	id:	CNVD-2013-04456	date:	2013-05-28T00:00:00
db:	VULHUB	id:	VHN-62769	date:	2013-05-02T00:00:00
db:	BID	id:	59491	date:	2013-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-002478	date:	2013-04-30T00:00:00
db:	CNNVD	id:	CNNVD-201304-547	date:	2013-04-26T00:00:00
db:	NVD	id:	CVE-2013-2767	date:	2024-11-21T01:52:20.170

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#521612	date:	2013-04-25T00:00:00
db:	CNVD	id:	CNVD-2013-04456	date:	2013-04-28T00:00:00
db:	VULHUB	id:	VHN-62769	date:	2013-04-25T00:00:00
db:	BID	id:	59491	date:	2013-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-002478	date:	2013-04-30T00:00:00
db:	CNNVD	id:	CNNVD-201304-547	date:	2013-04-26T00:00:00
db:	NVD	id:	CVE-2013-2767	date:	2013-04-25T20:55:10.003