ID

VAR-201403-0150


CVE

CVE-2013-6943


TITLE

LDAP injection vulnerability in Citrix NetScaler Application Delivery Controller

Trust: 0.8

sources: JVNDB: JVNDB-2013-006146

DESCRIPTION

Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors related to SSH and Web management usernames. Exploiting this issue could allow an attacker to access or modify data, or exploit latent vulnerabilities in the underlying distributed directory information services. The following versions are vulnerable: NetScaler Application Delivery Controller prior to 10.1-118.7; NetScaler Application Delivery Controller prior to 10.0-77.5; NetScaler Application Delivery Controller prior to 9.3-64.4. NetScaler ADC is mainly used to optimize, secure and control the delivery of various enterprise services and cloud services. Remote attackers can exploit this vulnerability to carry out LDAP injection attacks. The following versions are affected: Citrix NetScaler ADC 9.3.x prior to 9.3-64.4, 10.0, 10.1.

Trust: 1.98

sources: NVD: CVE-2013-6943 // JVNDB: JVNDB-2013-006146 // BID: 66043 // VULHUB: VHN-66945

AFFECTED PRODUCTS

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 10.1

Trust: 1.9

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 10.0

Trust: 1.9

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 9.3(1)

Trust: 1.6

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 9.3.e

Trust: 1.6

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 10.0-77.5

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: lt, version: 9.3.x

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 10.1-118.7

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 9.3-64.4

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: lt, version: 10.0

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: lt, version: 10.1

Trust: 0.8

vendor: citrix, model: netscaler application delivery controller, scope: eq, version: 9.3

Trust: 0.3

vendor: citrix, model: netscaler 9.3.e, scope: -, version: -

Trust: 0.3

vendor: citrix, model: netscaler, scope: eq, version: 9.3

Trust: 0.3

vendor: citrix, model: netscaler, scope: eq, version: 10.1

Trust: 0.3

vendor: citrix, model: netscaler, scope: eq, version: 10.0

Trust: 0.3

vendor: citrix, model: netscaler application delivery controller, scope: ne, version: 9.3-64.4

Trust: 0.3

vendor: citrix, model: netscaler application delivery controller, scope: ne, version: 10.1-118.7

Trust: 0.3

vendor: citrix, model: netscaler application delivery controller, scope: ne, version: 10.0-77.5

Trust: 0.3

sources: BID: 66043 // JVNDB: JVNDB-2013-006146 // CNNVD: CNNVD-201403-190 // NVD: CVE-2013-6943

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6943
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6943
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201403-190
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66945
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6943
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66945
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66945 // JVNDB: JVNDB-2013-006146 // CNNVD: CNNVD-201403-190 // NVD: CVE-2013-6943

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.9

sources: VULHUB: VHN-66945 // JVNDB: JVNDB-2013-006146 // NVD: CVE-2013-6943

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-190

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201403-190

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006146

PATCH

title: CTX139049, url: http://support.citrix.com/article/CTX139049

Trust: 0.8

title: agee64-10.1-120.1316.e, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48619

Trust: 0.6

title: AGEE64-bitPlugin-9.3-64.4, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48617

Trust: 0.6

title: agee64-10.0-77.5, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48618

Trust: 0.6

sources: JVNDB: JVNDB-2013-006146 // CNNVD: CNNVD-201403-190

EXTERNAL IDS

db: NVD, id: CVE-2013-6943

Trust: 2.8

db: JVNDB, id: JVNDB-2013-006146

Trust: 0.8

db: CNNVD, id: CNNVD-201403-190

Trust: 0.7

db: SECUNIA, id: 57279

Trust: 0.6

db: BID, id: 66043

Trust: 0.4

db: SEEBUG, id: SSVID-61747

Trust: 0.1

db: VULHUB, id: VHN-66945

Trust: 0.1

sources: VULHUB: VHN-66945 // BID: 66043 // JVNDB: JVNDB-2013-006146 // CNNVD: CNNVD-201403-190 // NVD: CVE-2013-6943

REFERENCES

url:http://support.citrix.com/article/ctx139049

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6943

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6943

Trust: 0.8

url:http://secunia.com/advisories/57279

Trust: 0.6

url:http://www.citrix.com/english/ps2/products/product.asp?contentid=21679

Trust: 0.3

sources: VULHUB: VHN-66945 // BID: 66043 // JVNDB: JVNDB-2013-006146 // CNNVD: CNNVD-201403-190 // NVD: CVE-2013-6943

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 66043

SOURCES

db: VULHUB, id: VHN-66945
db: BID, id: 66043
db: JVNDB, id: JVNDB-2013-006146
db: CNNVD, id: CNNVD-201403-190
db: NVD, id: CVE-2013-6943

LAST UPDATE DATE

2024-11-23T21:45:20.861000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-66945, date: 2014-03-11T00:00:00
db: BID, id: 66043, date: 2014-03-05T00:00:00
db: JVNDB, id: JVNDB-2013-006146, date: 2014-03-12T00:00:00
db: CNNVD, id: CNNVD-201403-190, date: 2014-03-12T00:00:00
db: NVD, id: CVE-2013-6943, date: 2024-11-21T02:00:01.550

SOURCES RELEASE DATE

db: VULHUB, id: VHN-66945, date: 2014-03-11T00:00:00
db: BID, id: 66043, date: 2014-03-05T00:00:00
db: JVNDB, id: JVNDB-2013-006146, date: 2014-03-12T00:00:00
db: CNNVD, id: CNNVD-201403-190, date: 2014-03-12T00:00:00
db: NVD, id: CVE-2013-6943, date: 2014-03-11T13:00:36.247