1. CVE-Search
  2. CVE-2010-4566
ID CVE-2010-4566
Summary The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.
References
Vulnerable Configurations
  • cpe:2.3:a:citrix:access_gateway:.8.0:m50.3:enterprise:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:.8.0:m50.3:enterprise:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:8.0:m48.7:enterprise:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:8.0:m48.7:enterprise:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:8.0:m49.2:enterprise:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:8.0:m49.2:enterprise:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:8.0:m59.1:enterprise:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:8.0:m59.1:enterprise:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:8.1-69.4:*:enterprise:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:8.1-69.4:*:enterprise:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:9.0.71.3:*:enterprise:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:9.0.71.3:*:enterprise:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:9.1-104.5:*:enterprise:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:9.1-104.5:*:enterprise:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:*:*:enterprise:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:*:*:enterprise:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:4.5:*:advanced:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:4.5:*:advanced:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:4.5:*:standard:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:4.5:*:standard:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:4.5:hf1:*:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:4.5:hf1:*:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:4.5:hf1:advanced:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:4.5:hf1:advanced:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:4.5.5:*:standard:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:4.5.5:*:standard:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:4.5.6:*:standard:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:4.5.6:*:standard:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:4.5.7:*:standard:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:4.5.7:*:standard:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:4.6.1:*:standard:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:4.6.1:*:standard:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:4.6.2:*:standard:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:4.6.2:*:standard:*:*:*:*:*
  • cpe:2.3:a:citrix:access_gateway:4.6.3:*:standard:*:*:*:*:*
    cpe:2.3:a:citrix:access_gateway:4.6.3:*:standard:*:*:*:*:*
CVSS
Base: 9.3 (as of 22-09-2011 - 03:26)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
confirm http://support.citrix.com/article/CTX127613
exploit-db 16916
misc http://www.vsecurity.com/resources/advisory/20101221-1
osvdb 70099
sectrack 1024893
sreason 8119
Last major update 22-09-2011 - 03:26
Published 14-01-2011 - 23:00
Last modified 22-09-2011 - 03:26
Back to Top