Details of VAR-201905-0568

ID

VAR-201905-0568

CVE

CVE-2019-12044

TITLE

Citrix NetScaler Gateway and Application Delivery Controller Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004828

DESCRIPTION

A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. The following versions of Citrix ADC and Citrix NetScaler Gateway are affected: 10.5.x prior to 10.5.70 11.1.x prior to 11.1.59.10 12.0.x prior to 12.0.59.8 12.1.x prior to 12.1.49.23. Citrix Systems NetScaler Gateway is a secure remote access solution. This solution provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location. The product has features such as application delivery control and load balancing. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.98

sources: NVD: CVE-2019-12044 // JVNDB: JVNDB-2019-004828 // BID: 108343 // VULHUB: VHN-143751

AFFECTED PRODUCTS

vendor:	citrix	model:	netscaler application delivery controller	scope:	gte	version:	10.5.0	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	gte	version:	11.1.0	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	11.1.59.10	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	gte	version:	11.1.0	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	gte	version:	10.5.0	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	11.1.59.10	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	12.1.49.23	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	12.1.49.23	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	10.5.70	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	12.0.59.8	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	lt	version:	10.5.70	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	lt	version:	12.0.59.8	Trust: 1.0
vendor:	citrix	model:	netscaler gateway	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	gte	version:	12.1.0	Trust: 1.0
vendor:	citrix	model:	netscaler application delivery controller	scope:	-	version:	-	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	-	version:	-	Trust: 0.8
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	12.1	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	12.0	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	11.1	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.5	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	12.1	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	12.0	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	11.1	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.5	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	ne	version:	10.5.70	Trust: 0.3
vendor:	citrix	model:	netscaler gateway	scope:	ne	version:	11.1.59.10	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	ne	version:	10.5.70	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	ne	version:	12.1.49.23	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	ne	version:	12.0.59.8	Trust: 0.3
vendor:	citrix	model:	netscaler application delivery controller	scope:	ne	version:	11.1.59.10	Trust: 0.3
vendor:	cisco	model:	netscaler gateway	scope:	ne	version:	12.1.49.23	Trust: 0.3
vendor:	cisco	model:	netscaler gateway	scope:	ne	version:	12.0.59.8	Trust: 0.3

sources: BID: 108343 // JVNDB: JVNDB-2019-004828 // NVD: CVE-2019-12044

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12044
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-12044
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201905-444
value:	HIGH
Trust: 0.6
VULHUB:	VHN-143751
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-12044
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-143751
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-12044
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-143751 // JVNDB: JVNDB-2019-004828 // CNNVD: CNNVD-201905-444 // NVD: CVE-2019-12044

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-143751 // JVNDB: JVNDB-2019-004828 // NVD: CVE-2019-12044

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-444

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-444

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004828

PATCH

title:	CTX249976	url:	https://support.citrix.com/article/CTX249976	Trust: 0.8
title:	Search	url:	https://support.citrix.com/search/#/All%20Products?ct=All%20types&searchText=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin&sortBy=Relevance	Trust: 0.8
title:	CitrixADC and Citrix NetScaler Gateway Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92602	Trust: 0.6

sources: JVNDB: JVNDB-2019-004828 // CNNVD: CNNVD-201905-444

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12044	Trust: 2.8
db:	BID	id:	108343	Trust: 0.9
db:	JVNDB	id:	JVNDB-2019-004828	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-444	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1688	Trust: 0.6
db:	VULHUB	id:	VHN-143751	Trust: 0.1

sources: VULHUB: VHN-143751 // BID: 108343 // JVNDB: JVNDB-2019-004828 // CNNVD: CNNVD-201905-444 // NVD: CVE-2019-12044

REFERENCES

url:	https://support.citrix.com/article/ctx249976	Trust: 2.0
url:	https://support.citrix.com/v1/search?searchquery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=security+bulletin	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12044	Trust: 1.4
url:	http://www.securityfocus.com/bid/108343	Trust: 1.2
url:	http://www.citrix.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12044	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/80798	Trust: 0.6
url:	https://support.citrix.com/v1/search?searchquery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=security+bulletin	Trust: 0.1

sources: VULHUB: VHN-143751 // BID: 108343 // JVNDB: JVNDB-2019-004828 // CNNVD: CNNVD-201905-444 // NVD: CVE-2019-12044

CREDITS

Citrix

Trust: 0.9

sources: BID: 108343 // CNNVD: CNNVD-201905-444

SOURCES

db:	VULHUB	id:	VHN-143751
db:	BID	id:	108343
db:	JVNDB	id:	JVNDB-2019-004828
db:	CNNVD	id:	CNNVD-201905-444
db:	NVD	id:	CVE-2019-12044

LAST UPDATE DATE

2024-11-23T22:37:52.485000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-143751	date:	2019-05-24T00:00:00
db:	BID	id:	108343	date:	2019-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-004828	date:	2019-06-10T00:00:00
db:	CNNVD	id:	CNNVD-201905-444	date:	2019-05-27T00:00:00
db:	NVD	id:	CVE-2019-12044	date:	2024-11-21T04:22:09.690

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-143751	date:	2019-05-22T00:00:00
db:	BID	id:	108343	date:	2019-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-004828	date:	2019-06-10T00:00:00
db:	CNNVD	id:	CNNVD-201905-444	date:	2019-05-14T00:00:00
db:	NVD	id:	CVE-2019-12044	date:	2019-05-22T16:29:01.243