Citrix Netscaler Application Delivery Controller up to 12.0 Management Interface access control


A vulnerability was found in Citrix Netscaler Application Delivery Controller up to 12.0 (Network Management Software) and has been classified as critical. It affects unknown code in the Management Interface component. Applying a patch eliminates this problem. A possible mitigation was published before, and not just after, the disclosure of the vulnerability.

| Field | 09/27/2017 08:51 AM | 11/19/2019 08:10 PM | 01/14/2021 02:31 PM |
|---|---|---|---|
| type | Network Management Software | Network Management Software | Network Management Software |
| vendor | Citrix | Citrix | Citrix |
| name | Netscaler Application Delivery Controller | Netscaler Application Delivery Controller | Netscaler Application Delivery Controller |
| version | <=10.0/10.5/10.5e/11.0/11.1/12.0 | <=10.0/10.5/10.5e/11.0/11.1/12.0 | <=10.0/10.5/10.5e/11.0/11.1/12.0 |
| component | Management Interface | Management Interface | Management Interface |
| cwe | 264 (privilege escalation) | 264 (privilege escalation) | 264 (privilege escalation) |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 6.5 | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 5.7 | 5.7 | 5.7 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | L | L | L |
| cvss2_nvd_au | S | S | S |
| cvss2_nvd_ci | C | C | C |
| cvss2_nvd_ii | C | C | C |
| cvss2_nvd_ai | C | C | C |
| cvss3_meta_basescore | 5.9 | 5.9 | 5.9 |
| cvss3_meta_tempscore | 5.7 | 5.7 | 5.7 |
| cvss3_vuldb_basescore | 4.7 | 4.7 | 4.7 |
| cvss3_vuldb_tempscore | 4.5 | 4.5 | 4.5 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | H | H | H |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | H | H | H |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | H | H | H |
| cvss3_nvd_a | H | H | H |
| date | 1506384000 (09/26/2017) | 1506384000 (09/26/2017) | 1506384000 (09/26/2017) |
| url | https://support.citrix.com/article/CTX227928 | https://support.citrix.com/article/CTX227928 | https://support.citrix.com/article/CTX227928 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| name | Patch | Patch | Patch |
| cve | CVE-2017-14602 | CVE-2017-14602 | CVE-2017-14602 |
| cve_assigned | 1505779200 | 1505779200 | 1505779200 |
| cve_nvd_published | 1506384000 | 1506384000 | 1506384000 |
| cve_nvd_summary | A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance. | A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance. | A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance. |
| securityfocus | 100980 | 100980 | 100980 |
| securityfocus_title | Citrix NetScaler ADC and NetScaler Gateway CVE-2017-14602 Authentication Bypass Vulnerability | Citrix NetScaler ADC and NetScaler Gateway CVE-2017-14602 Authentication Bypass Vulnerability | Citrix NetScaler ADC and NetScaler Gateway CVE-2017-14602 Authentication Bypass Vulnerability |
| nessus_id | 103467 | 103467 | 103467 |
| nessus_name | Citrix NetScaler Authentication Bypass Vulnerability (CTX227928) | Citrix NetScaler Authentication Bypass Vulnerability (CTX227928) | Citrix NetScaler Authentication Bypass Vulnerability (CTX227928) |
| nessus_filename | citrix_netscaler_CTX227928.nasl | citrix_netscaler_CTX227928.nasl | citrix_netscaler_CTX227928.nasl |
| nessus_risk | High | High | High |
| nessus_family | CGI abuses | CGI abuses | CGI abuses |
| nessus_type | combined | combined | combined |
| nessus_date | 1506384000 (09/26/2017) | 1506384000 (09/26/2017) | 1506384000 (09/26/2017) |
| qualys_id | 370583 | 370583 | 370583 |
| qualys_title | Citrix NetScaler ADC and Gateway Authentication Bypass Vulnerability (CTX227928) | Citrix NetScaler ADC and Gateway Authentication Bypass Vulnerability (CTX227928) | Citrix NetScaler ADC and Gateway Authentication Bypass Vulnerability (CTX227928) |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | X | X | X |
| cvss3_nvd_basescore | 7.2 | 7.2 | 7.2 |
| discoverydate | | 1506384000 | 1506384000 |
| company_name | | NCC Group | NCC Group |
| confirm_url | | https://support.citrix.com/article/CTX227928 | https://support.citrix.com/article/CTX227928 |
| date | | 1506297600 (09/25/2017) | 1506297600 (09/25/2017) |
| securityfocus_date | | 1506297600 (09/25/2017) | 1506297600 (09/25/2017) |
| securityfocus_class | | Design Error | Design Error |
| person_name | | | Frank Gifford |
| cvss2_nvd_basescore | | | 9.0 |
