Citrix Netscaler 10.0/10.1/10.5 Management Interface memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.6 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical has been found in Citrix Netscaler 10.0/10.1/10.5. This affects an unknown function of the component Management Interface. Performing a manipulation results in memory corruption. This vulnerability is identified as CVE-2014-7140. Additionally, an exploit exists.
Details
A vulnerability classified as critical has been found in Citrix Netscaler 10.0/10.1/10.5 (Network Management Software). This affects some unknown processing of the component Management Interface. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors.
The weakness was released 09/17/2014 as CTX200206 as confirmed advisory (Website). It is possible to read the advisory at support.citrix.com. This vulnerability is uniquely identified as CVE-2014-7140 since 09/22/2014. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are unknown but a public exploit is available.
The exploit is shared for download at exploit-db.com. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 78893 (Citrix NetScaler Unspecified Remote Code Execution (CTX200206)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CGI abuses. The commercial vulnerability scanner Qualys is able to test this issue with plugin 115183 (Citrix NetScaler Application Delivery Controller and NetScaler Gateway Code Execution Vulnerability).
The vulnerability is also documented in the databases at X-Force (99806), Exploit-DB (35180), Tenable (78893), SecurityFocus (BID 70696†) and Vulnerability Center (SBV-46878†). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.citrix.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 6.6
VulDB Base Score: 7.3
VulDB Temp Score: 6.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 78893
Nessus Name: Citrix NetScaler Unspecified Remote Code Execution (CTX200206)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 801854
OpenVAS Name: Citrix NetScaler Arbitrary Code Execution Vulnerability (CTX200206)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Fortigate IPS: 🔍
Timeline
09/17/2014 🔍09/17/2014 🔍
09/17/2014 🔍
09/22/2014 🔍
10/21/2014 🔍
11/04/2014 🔍
11/06/2014 🔍
01/13/2015 🔍
12/13/2024 🔍
Sources
Vendor: citrix.comAdvisory: CTX200206
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-7140 (🔍)
GCVE (CVE): GCVE-0-2014-7140
GCVE (VulDB): GCVE-100-68571
X-Force: 99806 - Citrix NetScaler Application Delivery Controller code execution, High Risk
SecurityFocus: 70696 - Citrix NetScaler Application Delivery Controller and Gateway Arbitrary Code Execution Vulnerability
SecurityTracker: 1031129
Vulnerability Center: 46878 - Citrix NetScaler Application Delivery Controller and NetScaler Gateway Remote Code Execution, High
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 01/13/2015 14:31Updated: 12/13/2024 23:35
Changes: 01/13/2015 14:31 (68), 06/11/2017 04:54 (7), 03/05/2022 06:27 (3), 03/05/2022 06:38 (1), 07/05/2024 06:01 (24), 12/13/2024 23:35 (2)
Complete: 🔍
Cache ID: 216:440:103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.