ID CVE-2019-18225
Summary An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.
References
Vulnerable Configurations
  • cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:application_delivery_controller_firmware:13.0:*:*:*:*:*:*:*
  • cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1:*:*:*:*:*:*:*
  • cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*
  • cpe:2.3:o:citrix:gateway_firmware:13.0:*:*:*:*:*:*:*
  • cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
misc https://support.citrix.com/article/CTX261055
Last major update 24-08-2020 - 17:37
Published 21-10-2019 - 18:15
Last modified 24-08-2020 - 17:37