Sign-up

ID

VAR-201602-0345


CVE

CVE-2016-2071


TITLE

Citrix NetScaler Application Delivery Controller and NetScaler Gateway Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2016-001702

DESCRIPTION

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands. A security vulnerability exists in Citrix Systems NetScaler ADC and NetScaler Gateway

Trust: 1.8

sources: NVD: CVE-2016-2071 // JVNDB: JVNDB-2016-001702 // VULHUB: VHN-90890 // VULMON: CVE-2016-2071

AFFECTED PRODUCTS

vendor:citrixmodel:netscalerscope:eqversion:10.5e

Trust: 1.0

vendor:citrixmodel:netscalerscope:eqversion:11.0

Trust: 1.0

vendor:citrixmodel:netscalerscope:eqversion:10.5

Trust: 1.0

vendor:citrixmodel:netscaler gatewayscope:ltversion:10.5

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:ltversion:11.x

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.5.e build 59.1305.e

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:eqversion:11.0 build 64.34

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:ltversion:11.x

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:ltversion:10.5.e

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope: - version: -

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope:eqversion:10.5 build 59.13

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.5.e build 59.1305.e

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:ltversion:10.5.e

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:11.0 build 64.34

Trust: 0.8

vendor:citrixmodel:netscaler gatewayscope: - version: -

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion:10.5 build 59.13

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:ltversion:10.5

Trust: 0.8

vendor:citrixmodel:netscaler application delivery controllerscope:eqversion: -

Trust: 0.6

vendor:citrixmodel:netscaler gatewayscope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2016-001702 // CNNVD: CNNVD-201602-320 // NVD: CVE-2016-2071

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-2071
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-2071
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201602-320
value: CRITICAL

Trust: 0.6

VULHUB: VHN-90890
value: HIGH

Trust: 0.1

VULMON: CVE-2016-2071
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-2071
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-90890
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-2071
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90890 // VULMON: CVE-2016-2071 // JVNDB: JVNDB-2016-001702 // CNNVD: CNNVD-201602-320 // NVD: CVE-2016-2071

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-90890 // JVNDB: JVNDB-2016-001702 // NVD: CVE-2016-2071

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-320

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201602-320

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001702

PATCH
title:CTX206001url:http://support.citrix.com/article/CTX206001
Trust: 0.8
title:Citrix Systems NetScaler Application Delivery Controller  and NetScaler Gateway Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60256
Trust: 0.6
title:Citrix Security Bulletins: Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=35f27983a466a44995cc8bdefe90f69a
Trust: 0.1
sources:
            
            
            VULMON: CVE-2016-2071 // 
            
            
            
            JVNDB: JVNDB-2016-001702 // 
            
            
            
            CNNVD: CNNVD-201602-320

EXTERNAL IDS
db:NVDid:CVE-2016-2071
Trust: 2.6
db:SECTRACKid:1035098
Trust: 1.2
db:JVNDBid:JVNDB-2016-001702
Trust: 0.8
db:CNNVDid:CNNVD-201602-320
Trust: 0.7
db:VULHUBid:VHN-90890
Trust: 0.1
db:BIDid:83226
Trust: 0.1
db:VULMONid:CVE-2016-2071
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90890 // 
            
            
            
            VULMON: CVE-2016-2071 // 
            
            
            
            JVNDB: JVNDB-2016-001702 // 
            
            
            
            CNNVD: CNNVD-201602-320 // 
            
            
            
            NVD: CVE-2016-2071

REFERENCES
url:http://support.citrix.com/article/ctx206001
Trust: 1.9
url:http://www.securitytracker.com/id/1035098
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2071
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2071
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/264.html
Trust: 0.1
url:https://www.securityfocus.com/bid/83226
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90890 // 
            
            
            
            VULMON: CVE-2016-2071 // 
            
            
            
            JVNDB: JVNDB-2016-001702 // 
            
            
            
            CNNVD: CNNVD-201602-320 // 
            
            
            
            NVD: CVE-2016-2071

SOURCES
db:VULHUBid:VHN-90890
db:VULMONid:CVE-2016-2071
db:JVNDBid:JVNDB-2016-001702
db:CNNVDid:CNNVD-201602-320
db:NVDid:CVE-2016-2071

LAST UPDATE DATE
2024-11-23T22:01:34.041000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-90890date:2016-12-03T00:00:00
db:VULMONid:CVE-2016-2071date:2016-12-03T00:00:00
db:JVNDBid:JVNDB-2016-001702date:2016-03-15T00:00:00
db:CNNVDid:CNNVD-201602-320date:2016-02-18T00:00:00
db:NVDid:CVE-2016-2071date:2024-11-21T02:47:44.883

SOURCES RELEASE DATE
db:VULHUBid:VHN-90890date:2016-02-17T00:00:00
db:VULMONid:CVE-2016-2071date:2016-02-17T00:00:00
db:JVNDBid:JVNDB-2016-001702date:2016-03-15T00:00:00
db:CNNVDid:CNNVD-201602-320date:2016-02-18T00:00:00
db:NVDid:CVE-2016-2071date:2016-02-17T15:59:04.767