VDB-107160 · CVE-2017-14602 · BID 100980

Citrix Netscaler Application Delivery Controller up to 12.0 Management Interface access control

A vulnerability was found in Citrix Netscaler Application Delivery Controller up to 12.0 (Network Management Software). It has been classified as critical. Affected is an unknown code of the component Management Interface. Applying a patch is able to eliminate this problem. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field	09/27/2017 08:51 AM	11/19/2019 08:10 PM	01/14/2021 02:31 PM
type	Network Management Software	Network Management Software	Network Management Software
vendor	Citrix	Citrix	Citrix
name	Netscaler Application Delivery Controller	Netscaler Application Delivery Controller	Netscaler Application Delivery Controller
version	<=10.0/10.5/10.5e/11.0/11.1/12.0	<=10.0/10.5/10.5e/11.0/11.1/12.0	<=10.0/10.5/10.5e/11.0/11.1/12.0
component	Management Interface	Management Interface	Management Interface
cwe	264 (privilege escalation)	264 (privilege escalation)	264 (privilege escalation)
risk	2	2	2
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.7	5.7	5.7
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	S	S	S
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_nvd_av	N	N	N
cvss2_nvd_ac	L	L	L
cvss2_nvd_au	S	S	S
cvss2_nvd_ci	C	C	C
cvss2_nvd_ii	C	C	C
cvss2_nvd_ai	C	C	C
cvss3_meta_basescore	5.9	5.9	5.9
cvss3_meta_tempscore	5.7	5.7	5.7
cvss3_vuldb_basescore	4.7	4.7	4.7
cvss3_vuldb_tempscore	4.5	4.5	4.5
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	H	H	H
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_nvd_av	N	N	N
cvss3_nvd_ac	L	L	L
cvss3_nvd_pr	H	H	H
cvss3_nvd_ui	N	N	N
cvss3_nvd_s	U	U	U
cvss3_nvd_c	H	H	H
cvss3_nvd_i	H	H	H
cvss3_nvd_a	H	H	H
date	1506384000 (09/26/2017)	1506384000 (09/26/2017)	1506384000 (09/26/2017)
url	https://support.citrix.com/article/CTX227928	https://support.citrix.com/article/CTX227928	https://support.citrix.com/article/CTX227928
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
name	Patch	Patch	Patch
cve	CVE-2017-14602	CVE-2017-14602	CVE-2017-14602
cve_assigned	1505779200	1505779200	1505779200
cve_nvd_published	1506384000	1506384000	1506384000
cve_nvd_summary	A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance.	A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance.	A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance.
securityfocus	100980	100980	100980
securityfocus_title	Citrix NetScaler ADC and NetScaler Gateway CVE-2017-14602 Authentication Bypass Vulnerability	Citrix NetScaler ADC and NetScaler Gateway CVE-2017-14602 Authentication Bypass Vulnerability	Citrix NetScaler ADC and NetScaler Gateway CVE-2017-14602 Authentication Bypass Vulnerability
nessus_id	103467	103467	103467
nessus_name	Citrix NetScaler Authentication Bypass Vulnerability (CTX227928)	Citrix NetScaler Authentication Bypass Vulnerability (CTX227928)	Citrix NetScaler Authentication Bypass Vulnerability (CTX227928)
nessus_filename	citrix_netscaler_CTX227928.nasl	citrix_netscaler_CTX227928.nasl	citrix_netscaler_CTX227928.nasl
nessus_risk	High	High	High
nessus_family	CGI abuses	CGI abuses	CGI abuses
nessus_type	combined	combined	combined
nessus_date	1506384000 (09/26/2017)	1506384000 (09/26/2017)	1506384000 (09/26/2017)
qualys_id	370583	370583	370583
qualys_title	Citrix NetScaler ADC and Gateway Authentication Bypass Vulnerability (CTX227928)	Citrix NetScaler ADC and Gateway Authentication Bypass Vulnerability (CTX227928)	Citrix NetScaler ADC and Gateway Authentication Bypass Vulnerability (CTX227928)
location	Website	Website	Website
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	X	X	X
cvss3_nvd_basescore	7.2	7.2	7.2
discoverydate		1506384000	1506384000
company_name		NCC Group	NCC Group
confirm_url		https://support.citrix.com/article/CTX227928	https://support.citrix.com/article/CTX227928
date		1506297600 (09/25/2017)	1506297600 (09/25/2017)
securityfocus_date		1506297600 (09/25/2017)	1506297600 (09/25/2017)
securityfocus_class		Design Error	Design Error
person_name			Frank Gifford
cvss2_nvd_basescore			9.0

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!