ID

VAR-201709-0611


CVE

CVE-2017-14602


TITLE

Citrix NetScaler Application Delivery Controller and NetScaler Gateway Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-008632

DESCRIPTION

A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance.

Citrix NetScaler ADC and NetScaler Gateway are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks.

The following products are affected:

Citrix NetScaler ADC and NetScaler Gateway version 12.0 prior to build 53.13
Citrix NetScaler ADC and NetScaler Gateway version 11.1 prior to build 55.13
Citrix NetScaler ADC and NetScaler Gateway version 11.0 prior to build 70.16
Citrix NetScaler ADC and NetScaler Gateway version 10.5 prior to build 66.9
Citrix NetScaler ADC and NetScaler Gateway version 10.5e prior to build 60.7010.e
Citrix NetScaler ADC and NetScaler Gateway version 10.1 prior to build 135.18

The following products and versions are affected: Citrix NetScaler Gateway Release 12.0, Release 11.1, Release 11.0, Release 10.5e, Release 10.5, Release 10.1; NetScaler ADC Release 12.0, Release 11.1, Release 11.0, Release 10.5e, Release 10.5, Release 10.1

Trust: 1.98

sources: NVD: CVE-2017-14602 // JVNDB: JVNDB-2017-008632 // BID: 100980 // VULHUB: VHN-105341

AFFECTED PRODUCTS

vendor: citrix // model: netscaler gateway // scope: eq // version: 12.0

Trust: 1.9

vendor: citrix // model: netscaler gateway // scope: eq // version: 11.1

Trust: 1.9

vendor: citrix // model: netscaler gateway // scope: eq // version: 11.0

Trust: 1.9

vendor: citrix // model: netscaler gateway // scope: eq // version: 10.5

Trust: 1.9

vendor: citrix // model: netscaler gateway // scope: eq // version: 10.1

Trust: 1.9

vendor: citrix // model: netscaler gateway // scope: eq // version: 10.5e

Trust: 1.6

vendor: citrix // model: application delivery controller // scope: eq // version: 10.5e

Trust: 1.6

vendor: citrix // model: application delivery controller // scope: eq // version: 11.1

Trust: 1.6

vendor: citrix // model: application delivery controller // scope: eq // version: 11.0

Trust: 1.6

vendor: citrix // model: application delivery controller // scope: eq // version: 12.0

Trust: 1.6

vendor: citrix // model: application delivery controller // scope: eq // version: 10.1

Trust: 1.0

vendor: citrix // model: application delivery controller // scope: eq // version: 10.5

Trust: 1.0

vendor: citrix // model: netscaler application delivery controller // scope: eq // version: 11.1 build 55.13

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: eq // version: 11.0 build 70.16

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: lt // version: 11.1

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: eq // version: 10.5e build 60.7010.e

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: eq // version: 10.5 build 66.9

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: lt // version: 11.1

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: eq // version: 11.0 build 70.16

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: eq // version: 10.5e build 60.7010.e

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: eq // version: 10.5 build 66.9

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: lt // version: 12.0 (except for build 41.24)

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: lt // version: 10.5e

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: lt // version: 10.1

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: lt // version: 10.5

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: lt // version: 12.0 (except for build 41.24)

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: lt // version: 10.5e

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: lt // version: 10.1

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: lt // version: 11.0

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: lt // version: 10.5

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: lt // version: 11.0

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: eq // version: 12.0 build 53.13

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: eq // version: 10.1 build 135.18

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: eq // version: 12.0 build 53.13

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: eq // version: 10.1 build 135.18

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: eq // version: 11.1 build 55.13

Trust: 0.8

vendor: citrix // model: netscaler gateway 10.5e // scope: - // version: -

Trust: 0.3

vendor: citrix // model: netscaler adc // scope: eq // version: 12.0

Trust: 0.3

vendor: citrix // model: netscaler adc // scope: eq // version: 11.1

Trust: 0.3

vendor: citrix // model: netscaler adc // scope: eq // version: 11.0

Trust: 0.3

vendor: citrix // model: netscaler adc 10.5e // scope: - // version: -

Trust: 0.3

vendor: citrix // model: netscaler adc // scope: eq // version: 10.5

Trust: 0.3

vendor: citrix // model: netscaler adc // scope: eq // version: 10.1

Trust: 0.3

vendor: citrix // model: netscaler gateway build // scope: ne // version: 12.053.13

Trust: 0.3

vendor: citrix // model: netscaler gateway build // scope: ne // version: 11.155.13

Trust: 0.3

vendor: citrix // model: netscaler gateway build // scope: ne // version: 11.070.16

Trust: 0.3

vendor: citrix // model: netscaler gateway 10.5e build // scope: ne // version: 60.7010.

Trust: 0.3

vendor: citrix // model: netscaler gateway build // scope: ne // version: 10.566.9

Trust: 0.3

vendor: citrix // model: netscaler gateway build // scope: ne // version: 10.1135.8

Trust: 0.3

vendor: citrix // model: netscaler adc build // scope: ne // version: 12.053.13

Trust: 0.3

vendor: citrix // model: netscaler adc build // scope: ne // version: 11.155.13

Trust: 0.3

vendor: citrix // model: netscaler adc build // scope: ne // version: 11.070.16

Trust: 0.3

vendor: citrix // model: netscaler adc 10.5e build // scope: ne // version: 60.7010.

Trust: 0.3

vendor: citrix // model: netscaler adc build // scope: ne // version: 10.566.9

Trust: 0.3

vendor: citrix // model: netscaler adc build // scope: ne // version: 10.1135.8

Trust: 0.3

sources: BID: 100980 // JVNDB: JVNDB-2017-008632 // CNNVD: CNNVD-201709-879 // NVD: CVE-2017-14602

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14602
value: HIGH

Trust: 1.0

NVD: CVE-2017-14602
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201709-879
value: HIGH

Trust: 0.6

VULHUB: VHN-105341
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-14602
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-105341
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14602
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-105341 // JVNDB: JVNDB-2017-008632 // CNNVD: CNNVD-201709-879 // NVD: CVE-2017-14602

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-105341 // JVNDB: JVNDB-2017-008632 // NVD: CVE-2017-14602

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-879

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201709-879

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008632

PATCH

title: CTX227928 // url: https://support.citrix.com/article/CTX227928

Trust: 0.8

title: Citrix Systems NetScaler Application Delivery Controller and NetScaler Gateway Security vulnerabilities // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=74981

Trust: 0.6

sources: JVNDB: JVNDB-2017-008632 // CNNVD: CNNVD-201709-879

EXTERNAL IDS

db: NVD // id: CVE-2017-14602

Trust: 2.8

db: BID // id: 100980

Trust: 2.0

db: JVNDB // id: JVNDB-2017-008632

Trust: 0.8

db: CNNVD // id: CNNVD-201709-879

Trust: 0.7

db: AUSCERT // id: ESB-2023.1511

Trust: 0.6

db: VULHUB // id: VHN-105341

Trust: 0.1

sources: VULHUB: VHN-105341 // BID: 100980 // JVNDB: JVNDB-2017-008632 // CNNVD: CNNVD-201709-879 // NVD: CVE-2017-14602

REFERENCES

url:https://support.citrix.com/article/ctx227928

Trust: 2.0

url:http://www.securityfocus.com/bid/100980

Trust: 1.7

url:https://support.citrix.com/article/ctx228091

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14602

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-14602

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.1511

Trust: 0.6

url:http://www.citrix.com/

Trust: 0.3

sources: VULHUB: VHN-105341 // BID: 100980 // JVNDB: JVNDB-2017-008632 // CNNVD: CNNVD-201709-879 // NVD: CVE-2017-14602

CREDITS

Frank Gifford of NCC Group

Trust: 0.3

sources: BID: 100980

SOURCES

db: VULHUB // id: VHN-105341
db: BID // id: 100980
db: JVNDB // id: JVNDB-2017-008632
db: CNNVD // id: CNNVD-201709-879
db: NVD // id: CVE-2017-14602

LAST UPDATE DATE

2024-11-23T21:40:29.150000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-105341 // date: 2019-10-03T00:00:00
db: BID // id: 100980 // date: 2017-09-25T00:00:00
db: JVNDB // id: JVNDB-2017-008632 // date: 2017-10-25T00:00:00
db: CNNVD // id: CNNVD-201709-879 // date: 2023-03-13T00:00:00
db: NVD // id: CVE-2017-14602 // date: 2024-11-21T03:13:11.013

SOURCES RELEASE DATE

db: VULHUB // id: VHN-105341 // date: 2017-09-26T00:00:00
db: BID // id: 100980 // date: 2017-09-25T00:00:00
db: JVNDB // id: JVNDB-2017-008632 // date: 2017-10-25T00:00:00
db: CNNVD // id: CNNVD-201709-879 // date: 2017-09-20T00:00:00
db: NVD // id: CVE-2017-14602 // date: 2017-09-26T14:29:00.487