Details of VAR-201704-1524

ID

VAR-201704-1524

CVE

CVE-2017-7219

TITLE

Citrix NetScaler Gateway Heap overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-003203

DESCRIPTION

A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. Citrix NetScaler Gateway is prone to a heap-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. The following products are affected: Citrix NetScaler Gateway 11.1 prior to 11.1 Build 52.13 Citrix NetScaler Gateway 11.0 prior to 11.0 Build 70.12 Citrix NetScaler Gateway 10.5 prior to 10.5 Build 65.11 Citrix NetScaler Gateway 10.1 prior to 10.1 Build 135.8 Citrix NetScaler Gateway 10.1 prior to 10.1 Build 135.12. This solution provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location

Trust: 2.07

sources: NVD: CVE-2017-7219 // JVNDB: JVNDB-2017-003203 // BID: 97626 // VULHUB: VHN-115422 // VULMON: CVE-2017-7219

AFFECTED PRODUCTS

vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	11.1	Trust: 1.9
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	11.0	Trust: 1.9
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.5	Trust: 1.9
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.1	Trust: 1.9
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	11.0 build 70.12	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	10.5	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	10.1	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	11.1	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	11.0	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	11.1 build 52.13	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.5 build 65.11	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.1 build 135.8/135.12	Trust: 0.8
vendor:	citrix	model:	netscaler gateway build	scope:	ne	version:	11.152.13	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	ne	version:	11.070.12	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	ne	version:	10.565.11	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	ne	version:	10.1135.8	Trust: 0.3
vendor:	citrix	model:	netscaler gateway build	scope:	ne	version:	10.1135.12	Trust: 0.3

sources: BID: 97626 // JVNDB: JVNDB-2017-003203 // CNNVD: CNNVD-201703-913 // NVD: CVE-2017-7219

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7219
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-7219
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201703-913
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-115422
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-7219
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-7219
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-115422
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7219
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-115422 // VULMON: CVE-2017-7219 // JVNDB: JVNDB-2017-003203 // CNNVD: CNNVD-201703-913 // NVD: CVE-2017-7219

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-115422 // JVNDB: JVNDB-2017-003203 // NVD: CVE-2017-7219

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-913

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201703-913

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003203

PATCH

title:	CTX222657	url:	https://support.citrix.com/article/CTX222657	Trust: 0.8
title:	Citrix Security Bulletins: CVE-2017-7219 - Heap Overflow Vulnerability in Citrix NetScaler Gateway Could Result in Arbitrary Code Execution	url:	https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=af212df1e1bcdd960e33f0c7f7331b7a	Trust: 0.1
title:	Awesome CVE PoC	url:	https://github.com/xbl3/awesome-cve-poc_qazbnm456	Trust: 0.1
title:	Awesome CVE PoC	url:	https://github.com/lnick2023/nicenice	Trust: 0.1
title:	Awesome CVE PoC	url:	https://github.com/qazbnm456/awesome-cve-poc	Trust: 0.1

sources: VULMON: CVE-2017-7219 // JVNDB: JVNDB-2017-003203

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7219	Trust: 2.9
db:	BID	id:	97626	Trust: 1.5
db:	SECTRACK	id:	1038283	Trust: 1.2
db:	JVNDB	id:	JVNDB-2017-003203	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-913	Trust: 0.7
db:	SEEBUG	id:	SSVID-93072	Trust: 0.1
db:	VULHUB	id:	VHN-115422	Trust: 0.1
db:	VULMON	id:	CVE-2017-7219	Trust: 0.1

sources: VULHUB: VHN-115422 // VULMON: CVE-2017-7219 // BID: 97626 // JVNDB: JVNDB-2017-003203 // CNNVD: CNNVD-201703-913 // NVD: CVE-2017-7219

REFERENCES

url:	https://support.citrix.com/article/ctx222657	Trust: 2.2
url:	http://www.securityfocus.com/bid/97626	Trust: 1.2
url:	http://www.securitytracker.com/id/1038283	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7219	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7219	Trust: 0.8
url:	http://www.citrix.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/qazbnm456/awesome-cve-poc	Trust: 0.1

sources: VULHUB: VHN-115422 // VULMON: CVE-2017-7219 // BID: 97626 // JVNDB: JVNDB-2017-003203 // CNNVD: CNNVD-201703-913 // NVD: CVE-2017-7219

CREDITS

Alain Mowat

Trust: 0.3

sources: BID: 97626

SOURCES

db:	VULHUB	id:	VHN-115422
db:	VULMON	id:	CVE-2017-7219
db:	BID	id:	97626
db:	JVNDB	id:	JVNDB-2017-003203
db:	CNNVD	id:	CNNVD-201703-913
db:	NVD	id:	CVE-2017-7219

LAST UPDATE DATE

2024-11-23T23:12:27.699000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-115422	date:	2017-07-11T00:00:00
db:	VULMON	id:	CVE-2017-7219	date:	2017-07-11T00:00:00
db:	BID	id:	97626	date:	2017-04-18T00:06:00
db:	JVNDB	id:	JVNDB-2017-003203	date:	2017-05-19T00:00:00
db:	CNNVD	id:	CNNVD-201703-913	date:	2018-10-17T00:00:00
db:	NVD	id:	CVE-2017-7219	date:	2024-11-21T03:31:23.933

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-115422	date:	2017-04-13T00:00:00
db:	VULMON	id:	CVE-2017-7219	date:	2017-04-13T00:00:00
db:	BID	id:	97626	date:	2017-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2017-003203	date:	2017-05-19T00:00:00
db:	CNNVD	id:	CNNVD-201703-913	date:	2017-03-22T00:00:00
db:	NVD	id:	CVE-2017-7219	date:	2017-04-13T14:59:01.900