Vulnerability ID 5905

Citrix Access Gateway up to 5.0.4 unknown vulnerability

Citrix
CVSSv3 Temp Score: 5.1
Current Exploit Price (≈): $1k-$2k

A vulnerability classified as problematic was found in Citrix Access Gateway up to 5.0.4. The known impact is on integrity.

The weakness was published on 07/31/2012 as confirmed advisory CTX133648 (Website). The advisory is available for download at support.citrix.com. The attack can be launched remotely. Exploitation does not require any form of authentication. Neither technical details nor an exploit are publicly available.

Applying a patch eliminates this problem. A possible mitigation was published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the databases at Secunia (SA50140) and SecurityTracker (ID 1027336). Related entries are 5903 and 5904.

CVSSv3

Base Score: 5.3
Temp Score: 5.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C
Reliability: Medium

CVSSv2

Base Score: 4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
Temp Score: 3.7 (CVSS2#E:ND/RL:OF/RC:C)
Reliability: Medium

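Possible values per CVSSv2 metric:
Vector (AV): Local (L) / Adjacent (A) / Network (N)
Complexity (AC): High (H) / Medium (M) / Low (L)
Authentication (Au): Multiple (M) / Single (S) / None (N)
Confidentiality (C): None (N) / Partial (P) / Complete (C)
Integrity (I): None (N) / Partial (P) / Complete (C)
Availability (A): None (N) / Partial (P) / Complete (C)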

CPE

Exploiting

Local: No
Remote: Yes

Availability: No

Current Price Estimation: $10k-$25k (0-day) / $1k-$2k (Today)


Countermeasures

Recommended: Patch
Status: Official fix
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known

Timeline

07/31/2012 Advisory disclosed
07/31/2012 +0 days Countermeasure disclosed
08/01/2012 +1 days SecurityTracker entry created
08/03/2012 +2 days OSVDB entry created
08/10/2012 +7 days VulDB entry created
12/11/2015 +1219 days VulDB entry updated

Sources

Advisory: CTX133648
Status: Confirmed
Secunia: 50140 - Citrix Access Gateway Multiple Vulnerabilities, Moderately Critical
SecurityTracker: 1027336 - Citrix Access Gateway Bugs Let Remote Users Traverse the Directory, Proxy Connections via the Target System, and Inject Text Content
OSVDB: 84432 - Citrix Access Gateway Unspecified Text Content Injection

See also: 5903, 5904

Entry

Created: 08/10/2012
Updated: 12/11/2015
Entry: 78.3% complete