Details of VAR-202207-2009

ID

VAR-202207-2009

CVE

CVE-2022-27509

TITLE

of Citrix Systems Citrix Gateway and Citrix Application Delivery Controller Open redirect vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-014127

DESCRIPTION

Unauthenticated redirection to a malicious website. of Citrix Systems Citrix Gateway and Citrix Application Delivery Controller An open redirect vulnerability exists in firmware.Information may be obtained and information may be tampered with. Used for application security, overall visibility and availability. Prior to 86.17 and Citrix Gateway 13.0, Citrix ADC 12.1-65.15 and prior to Citrix Gateway 12.1, Citrix ADC 12.1-FIPS prior, Citrix ADC 12.1-NDcPP prior to 12.1-55.282

Trust: 1.8

sources: NVD: CVE-2022-27509 // JVNDB: JVNDB-2022-014127 // VULHUB: VHN-418143 // VULMON: CVE-2022-27509

AFFECTED PRODUCTS

vendor:	citrix	model:	gateway	scope:	lt	version:	12.1-65.15	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	lt	version:	13.0-86.17	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	gte	version:	12.1	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	lt	version:	12.1-65.15	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	lt	version:	13.1-24.38	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	lt	version:	13.1-24.38	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	lt	version:	12.1-55.282	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	gte	version:	13.1	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	gte	version:	13.0	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	gte	version:	12.1	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	gte	version:	13.1	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	gte	version:	13.0	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	lt	version:	13.0-86.17	Trust: 1.0
vendor:	シトリックスシステムズ	model:	citrix gateway	scope:	-	version:	-	Trust: 0.8
vendor:	シトリックスシステムズ	model:	citrix application delivery controller	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-014127 // NVD: CVE-2022-27509

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-27509
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-27509
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202207-2610
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-27509
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2022-27509
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-014127 // CNNVD: CNNVD-202207-2610 // NVD: CVE-2022-27509

PROBLEMTYPE DATA

problemtype:	CWE-601	Trust: 1.1
problemtype:	Open redirect (CWE-601) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-418143 // JVNDB: JVNDB-2022-014127 // NVD: CVE-2022-27509

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-2610

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202207-2610

PATCH

title:

Citrix ADC and Citrix Gateway Enter the fix for the verification error vulnerability

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203341

Trust: 0.6

sources: CNNVD: CNNVD-202207-2610

EXTERNAL IDS

db:	NVD	id:	CVE-2022-27509	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-014127	Trust: 0.8
db:	CNNVD	id:	CNNVD-202207-2610	Trust: 0.7
db:	VULHUB	id:	VHN-418143	Trust: 0.1
db:	VULMON	id:	CVE-2022-27509	Trust: 0.1

sources: VULHUB: VHN-418143 // VULMON: CVE-2022-27509 // JVNDB: JVNDB-2022-014127 // CNNVD: CNNVD-202207-2610 // NVD: CVE-2022-27509

REFERENCES

url:	https://support.citrix.com/article/ctx457836	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-27509	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-27509/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-418143 // VULMON: CVE-2022-27509 // JVNDB: JVNDB-2022-014127 // CNNVD: CNNVD-202207-2610 // NVD: CVE-2022-27509

SOURCES

db:	VULHUB	id:	VHN-418143
db:	VULMON	id:	CVE-2022-27509
db:	JVNDB	id:	JVNDB-2022-014127
db:	CNNVD	id:	CNNVD-202207-2610
db:	NVD	id:	CVE-2022-27509

LAST UPDATE DATE

2024-08-14T15:42:17.238000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-418143	date:	2022-08-05T00:00:00
db:	VULMON	id:	CVE-2022-27509	date:	2022-07-28T00:00:00
db:	JVNDB	id:	JVNDB-2022-014127	date:	2023-09-14T08:12:00
db:	CNNVD	id:	CNNVD-202207-2610	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2022-27509	date:	2022-08-05T15:01:51.680

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-418143	date:	2022-07-28T00:00:00
db:	VULMON	id:	CVE-2022-27509	date:	2022-07-28T00:00:00
db:	JVNDB	id:	JVNDB-2022-014127	date:	2023-09-14T00:00:00
db:	CNNVD	id:	CNNVD-202207-2610	date:	2022-07-28T00:00:00
db:	NVD	id:	CVE-2022-27509	date:	2022-07-28T14:15:08.380