ID
VAR-202007-1457
CVE
CVE-2019-18177
TITLE
Citrix ADC and Citrix Gateway Vulnerability in
Trust: 0.8
DESCRIPTION
In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update. Citrix Application Delivery Controller is an application delivery controller. The product has features such as application delivery control and load balancing. Citrix Systems Gateway is a secure remote access solution. The product provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | citrix | model: | gateway | scope: | lt | version: | 13.0-58.30 | Trust: 1.0 |
| vendor: | citrix | model: | application delivery controller | scope: | lt | version: | 13.0-58.30 | Trust: 1.0 |
| vendor: | シトリックス システムズ | model: | citrix application delivery controller | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シトリックス システムズ | model: | citrix gateway プラグイン | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
| problemtype: | Lack of information (CWE-noinfo) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
information disclosure
Trust: 0.6
PATCH
| title: | CTX276688 | url: | https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-18177 | Trust: 3.3 |
| db: | JVNDB | id: | JVNDB-2020-017552 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202007-368 | Trust: 0.7 |
| db: | AUSCERT | id: | ESB-2020.2310 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-150497 | Trust: 0.1 |
REFERENCES
| url: | https://support.citrix.com/article/ctx276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-18177 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2019-18177/ | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2020.2310/ | Trust: 0.6 |
CREDITS
Maarten Boone (@staatsgeheim), Donny Maasland (@donnymaasland), Ltd and Viktor Dragomiretskyy, Albert Shi of Univision Network (Shanghai) Co.,Laurent Geyer of Akamai, Muris Kurgas of Digital 14 (Xen1thLabs)
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-150497 |
| db: | JVNDB | id: | JVNDB-2020-017552 |
| db: | CNNVD | id: | CNNVD-202007-368 |
| db: | NVD | id: | CVE-2019-18177 |
LAST UPDATE DATE
2024-08-14T13:44:03.214000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-150497 | date: | 2023-01-05T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-017552 | date: | 2023-03-17T07:04:00 |
| db: | CNNVD | id: | CNNVD-202007-368 | date: | 2023-01-06T00:00:00 |
| db: | NVD | id: | CVE-2019-18177 | date: | 2023-01-05T18:38:52.167 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-150497 | date: | 2022-12-26T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-017552 | date: | 2023-03-17T00:00:00 |
| db: | CNNVD | id: | CNNVD-202007-368 | date: | 2020-07-08T00:00:00 |
| db: | NVD | id: | CVE-2019-18177 | date: | 2022-12-26T21:15:10.380 |