CVE-2007-4017 - Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Ac

CVE-2007-4017

Summary

Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators. Citrix Access Gateway is offered both as software or hardware.

References

Vulnerable Configurations

cpe:2.3:a:citrix:access_gateway:4.5:*:advanced:*:*:*:*:*
cpe:2.3:a:citrix:access_gateway:4.5:*:advanced:*:*:*:*:*
cpe:2.3:a:citrix:access_gateway:4.5:*:standard:*:*:*:*:*
cpe:2.3:a:citrix:access_gateway:4.5:*:standard:*:*:*:*:*

CVSS

Base:	7.6 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:H/Au:N/C:C/I:C/A:C

refmap via4

bid	24975
confirm	http://support.citrix.com/article/CTX113817 http://support.citrix.com/article/CTX114028
osvdb	37841
sectrack	1018435
secunia	26143
vupen	ADV-2007-2583
xf	citrix-access-adminconsole-csrf(35513)

Last major update

29-07-2017 - 01:32

Published

26-07-2007 - 01:30

Last modified

29-07-2017 - 01:32