cnvd - cnvd-2015-06057

cnvd-2015-06057

Vulnerability from cnvd

Title: Citrix NetScaler ADC/NetScaler Gateway权限提升漏洞

Description:

Citrix NetScaler ADC是应用交付控制器，可以优化企业服务交付。Citrix Access Gateway是一款通用的SSL VPN设备。

Citrix NetScaler Application Delivery Controller (ADC)及NetScaler Gateway 10.1 Build 132.8之前版本, 10.5 Build 57.7之前版本, 10.5e Build 56.1505.e之前版本存在多个权限提升漏洞。远程攻击者通过CLI及Web UI，利用这些漏洞可获取提升的权限。

Severity: 高

Patch Name: Citrix NetScaler ADC/NetScaler Gateway权限提升漏洞的补丁

Patch Description:

Citrix NetScaler ADC是应用交付控制器，可以优化企业服务交付。Citrix Access Gateway是一款通用的SSL VPN设备。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息： http://support.citrix.com/article/CTX201334

Reference: http://support.citrix.com/article/CTX201334

Impacted products

Name
Citrix NetScaler ADC 10.x

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5538"
    }
  },
  "description": "Citrix NetScaler ADC\u662f\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u5668\uff0c\u53ef\u4ee5\u4f18\u5316\u4f01\u4e1a\u670d\u52a1\u4ea4\u4ed8\u3002Citrix Access Gateway\u662f\u4e00\u6b3e\u901a\u7528\u7684SSL VPN\u8bbe\u5907\u3002\r\n\r\nCitrix NetScaler Application Delivery Controller (ADC)\u53caNetScaler Gateway 10.1 Build 132.8\u4e4b\u524d\u7248\u672c, 10.5 Build 57.7\u4e4b\u524d\u7248\u672c, 10.5e Build 56.1505.e\u4e4b\u524d\u7248\u672c\u5b58\u5728\u591a\u4e2a\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7CLI\u53caWeb UI\uff0c\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u53ef\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002",
  "discovererName": "David Johansson",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://support.citrix.com/article/CTX201334",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-06057",
  "openTime": "2015-09-21",
  "patchDescription": "Citrix NetScaler ADC\u662f\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u5668\uff0c\u53ef\u4ee5\u4f18\u5316\u4f01\u4e1a\u670d\u52a1\u4ea4\u4ed8\u3002Citrix Access Gateway\u662f\u4e00\u6b3e\u901a\u7528\u7684SSL VPN\u8bbe\u5907\u3002 \r\n\r\nCitrix NetScaler Application Delivery Controller (ADC)\u53caNetScaler Gateway 10.1 Build 132.8\u4e4b\u524d\u7248\u672c, 10.5 Build 57.7\u4e4b\u524d\u7248\u672c, 10.5e Build 56.1505.e\u4e4b\u524d\u7248\u672c\u5b58\u5728\u591a\u4e2a\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7CLI\u53caWeb UI\uff0c\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u53ef\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Citrix NetScaler ADC/NetScaler Gateway\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Citrix NetScaler ADC 10.x"
  },
  "referenceLink": "http://support.citrix.com/article/CTX201334",
  "serverity": "\u9ad8",
  "submitTime": "2015-09-18",
  "title": "Citrix NetScaler ADC/NetScaler Gateway\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2015-5538 (GCVE-0-2015-5538)

Vulnerability from cvelistv5

Published

2015-09-17 16:00

Modified

2024-08-06 06:50

Severity ?

CWE

Summary

Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the (1) Command Line Interface (CLI) and the (2) Web User Interface (UI).

References

▼	URL	Tags
	http://www.securitytracker.com/id/1033618	vdb-entry, x_refsource_SECTRACK
	http://support.citrix.com/article/CTX201334	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:50:02.816Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1033618",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033618"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX201334"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the (1) Command Line Interface (CLI) and the (2) Web User Interface (UI)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-20T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1033618",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033618"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX201334"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-5538",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the (1) Command Line Interface (CLI) and the (2) Web User Interface (UI)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1033618",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033618"
            },
            {
              "name": "http://support.citrix.com/article/CTX201334",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX201334"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-5538",
    "datePublished": "2015-09-17T16:00:00",
    "dateReserved": "2015-07-17T00:00:00",
    "dateUpdated": "2024-08-06T06:50:02.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted