Details of VAR-201403-0148

ID

VAR-201403-0148

CVE

CVE-2013-6941

TITLE

Citrix NetScaler Application Delivery Controller Shell in " Breakout " Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-006144

DESCRIPTION

Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows users to "breakout" of the shell via unknown vectors. Citrix NetScaler is prone to an unspecified security vulnerability. The impact of this issue is currently unknown. We will update this BID when more information emerges. Versions prior to Citrix NetScaler Application Delivery Controller running firmware versions 10.1-118.7, 10.0-77.5, and 9.3-64.4. are vulnerable. This solution is mainly used to optimize, secure and control the delivery of various enterprise services and cloud services. An attacker could exploit this vulnerability to bypass the restricted shell and gain access to the file system

Trust: 1.98

sources: NVD: CVE-2013-6941 // JVNDB: JVNDB-2013-006144 // BID: 66014 // VULHUB: VHN-66943

AFFECTED PRODUCTS

vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.1	Trust: 1.6
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	9.3\(1\)	Trust: 1.6
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	9.3.e	Trust: 1.6
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.0	Trust: 1.6
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.0-77.5	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	9.3.x	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.1-118.7	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	9.3-64.4	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	10.0	Trust: 0.8
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	10.1	Trust: 0.8

sources: JVNDB: JVNDB-2013-006144 // CNNVD: CNNVD-201403-188 // NVD: CVE-2013-6941

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6941
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-6941
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201403-188
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-66943
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-6941
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66943
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66943 // JVNDB: JVNDB-2013-006144 // CNNVD: CNNVD-201403-188 // NVD: CVE-2013-6941

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-6941

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-188

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201403-188

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006144

PATCH

title:	CTX139049	url:	http://support.citrix.com/article/CTX139049	Trust: 0.8
title:	agee64-10.1-120.1316.e	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48619	Trust: 0.6
title:	AGEE64-bitPlugin-9.3-64.4	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48617	Trust: 0.6
title:	agee64-10.0-77.5	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48618	Trust: 0.6

sources: JVNDB: JVNDB-2013-006144 // CNNVD: CNNVD-201403-188

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6941	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-006144	Trust: 0.8
db:	CNNVD	id:	CNNVD-201403-188	Trust: 0.7
db:	SECUNIA	id:	57279	Trust: 0.6
db:	BID	id:	66014	Trust: 0.4
db:	VULHUB	id:	VHN-66943	Trust: 0.1

sources: VULHUB: VHN-66943 // BID: 66014 // JVNDB: JVNDB-2013-006144 // CNNVD: CNNVD-201403-188 // NVD: CVE-2013-6941

REFERENCES

url:	http://support.citrix.com/article/ctx139049	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6941	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6941	Trust: 0.8
url:	http://secunia.com/advisories/57279	Trust: 0.6
url:	http://www.citrix.com/	Trust: 0.3

sources: VULHUB: VHN-66943 // BID: 66014 // JVNDB: JVNDB-2013-006144 // CNNVD: CNNVD-201403-188 // NVD: CVE-2013-6941

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 66014

SOURCES

db:	VULHUB	id:	VHN-66943
db:	BID	id:	66014
db:	JVNDB	id:	JVNDB-2013-006144
db:	CNNVD	id:	CNNVD-201403-188
db:	NVD	id:	CVE-2013-6941

LAST UPDATE DATE

2024-11-23T21:45:20.952000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66943	date:	2014-03-11T00:00:00
db:	BID	id:	66014	date:	2014-03-07T01:10:00
db:	JVNDB	id:	JVNDB-2013-006144	date:	2014-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201403-188	date:	2014-03-12T00:00:00
db:	NVD	id:	CVE-2013-6941	date:	2024-11-21T02:00:01.230

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66943	date:	2014-03-11T00:00:00
db:	BID	id:	66014	date:	2014-03-05T00:00:00
db:	JVNDB	id:	JVNDB-2013-006144	date:	2014-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201403-188	date:	2014-03-12T00:00:00
db:	NVD	id:	CVE-2013-6941	date:	2014-03-11T13:00:36.233