Sign-up

ID

VAR-201411-0466


CVE

CVE-2014-8580


TITLE

Citrix NetScaler Application Delivery Controller and NetScaler Gateway Vulnerability in accessing network resources of other users

Trust: 0.8

sources: JVNDB: JVNDB-2014-005311

DESCRIPTION

Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources" of other users via unknown vectors. The following products and versions are affected: Citrix NetScaler ADC and NetScaler Gateway versions 10.5.50.10 and 10.5.51.10, 10.1.122.17 through 10.1.128.8, 10.1-120.1316.e through 10.1-128.8003.e

Trust: 1.98

sources: NVD: CVE-2014-8580 // JVNDB: JVNDB-2014-005311 // BID: 71350 // VULHUB: VHN-76525

AFFECTED PRODUCTS

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.5.51.10

Trust: 1.9

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.5.50.10

Trust: 1.9

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.5.51.10

Trust: 1.9

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.5.50.10

Trust: 1.9

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.1.128

Trust: 1.6

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.1.125

Trust: 1.6

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.1.127

Trust: 1.6

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.1.124

Trust: 1.6

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.1.126

Trust: 1.6

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.1.129

Trust: 1.6

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.1.123

Trust: 1.0

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1.123

Trust: 1.0

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1.126

Trust: 1.0

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1.128

Trust: 1.0

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.1.122

Trust: 1.0

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1.122

Trust: 1.0

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1.129

Trust: 1.0

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1.127

Trust: 1.0

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1.120.1316.e

Trust: 1.0

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.1.120.1316.e

Trust: 1.0

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.1.121

Trust: 1.0

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1.124

Trust: 1.0

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1.125

Trust: 1.0

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1.121

Trust: 1.0

vendor:citrixmodel:netscaler application delivery controllerscope:ltversion:10.1-120.1316.e thats all 10.1-129.1105.e

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:ltversion:10.1.122.17 thats all 10.1-129.11

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:ltversion:10.5.50.10 thats all 10.5-52.11

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:ltversion:10.1-120.1316.e thats all 10.1-129.1105.e

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:ltversion:10.1.122.17 thats all 10.1-129.11

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:ltversion:10.5.50.10 thats all 10.5-52.11

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1.128.8

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1.122.17

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1-128.8003

Trust: 0.3

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.1-120.1316

Trust: 0.3

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.1.128.8

Trust: 0.3

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.1.122.17

Trust: 0.3

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.1-128.8003

Trust: 0.3

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.1-120.1316

Trust: 0.3

sources: BID: 71350 // JVNDB: JVNDB-2014-005311 // CNNVD: CNNVD-201411-118 // NVD: CVE-2014-8580

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8580
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8580
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201411-118
value: MEDIUM

Trust: 0.6

VULHUB: VHN-76525
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8580
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-76525
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-76525 // JVNDB: JVNDB-2014-005311 // CNNVD: CNNVD-201411-118 // NVD: CVE-2014-8580

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-76525 // JVNDB: JVNDB-2014-005311 // NVD: CVE-2014-8580

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-118

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201411-118

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-005311

PATCH
title:CTX200254url:http://support.citrix.com/article/CTX200254
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-005311

EXTERNAL IDS
db:NVDid:CVE-2014-8580
Trust: 2.8
db:SECUNIAid:62114
Trust: 1.1
db:SECTRACKid:1031212
Trust: 1.1
db:JVNDBid:JVNDB-2014-005311
Trust: 0.8
db:CNNVDid:CNNVD-201411-118
Trust: 0.7
db:BIDid:71350
Trust: 0.4
db:VULHUBid:VHN-76525
Trust: 0.1
sources:
            
            
            VULHUB: VHN-76525 // 
            
            
            
            BID: 71350 // 
            
            
            
            JVNDB: JVNDB-2014-005311 // 
            
            
            
            CNNVD: CNNVD-201411-118 // 
            
            
            
            NVD: CVE-2014-8580

REFERENCES
url:http://support.citrix.com/article/ctx200254
Trust: 2.0
url:http://www.securitytracker.com/id/1031212
Trust: 1.1
url:http://secunia.com/advisories/62114
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/98661
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8580
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8580
Trust: 0.8
url:http://www.citrix.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-76525 // 
            
            
            
            BID: 71350 // 
            
            
            
            JVNDB: JVNDB-2014-005311 // 
            
            
            
            CNNVD: CNNVD-201411-118 // 
            
            
            
            NVD: CVE-2014-8580

CREDITS
Vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 71350

SOURCES
db:VULHUBid:VHN-76525
db:BIDid:71350
db:JVNDBid:JVNDB-2014-005311
db:CNNVDid:CNNVD-201411-118
db:NVDid:CVE-2014-8580

LAST UPDATE DATE
2024-11-23T22:35:01.285000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-76525date:2017-09-08T00:00:00
db:BIDid:71350date:2014-11-12T00:00:00
db:JVNDBid:JVNDB-2014-005311date:2014-11-11T00:00:00
db:CNNVDid:CNNVD-201411-118date:2014-11-14T00:00:00
db:NVDid:CVE-2014-8580date:2024-11-21T02:19:22.360

SOURCES RELEASE DATE
db:VULHUBid:VHN-76525date:2014-11-07T00:00:00
db:BIDid:71350date:2014-11-12T00:00:00
db:JVNDBid:JVNDB-2014-005311date:2014-11-11T00:00:00
db:CNNVDid:CNNVD-201411-118date:2014-11-14T00:00:00
db:NVDid:CVE-2014-8580date:2014-11-07T19:55:04.697