cnvd-2017-33269
Vulnerability from cnvd
Title: Citrix NetScaler ADC/NetScaler Gateway身份验证绕过漏洞
Description:
Citrix NetScaler ADC是应用交付控制器,可以优化企业服务交付。
Citrix NetScaler ADC/NetScaler Gateway管理接口身份验证存在安全漏洞,允许远程攻击者利用漏洞提交的请求,绕过安全限制,未授权访问。
Severity: 高
Patch Name: Citrix NetScaler ADC/NetScaler Gateway身份验证绕过漏洞的补丁
Patch Description:
Citrix NetScaler ADC是应用交付控制器,可以优化企业服务交付。
Citrix NetScaler ADC/NetScaler Gateway管理接口身份验证存在安全漏洞,允许远程攻击者利用漏洞提交的请求,绕过安全限制,未授权访问。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://www.citrix.com/downloads/netscaler-adc/https://www.citrix.com/downloads/netscaler-gateway/
Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-14602
Impacted products
| Name | ['Citrix NetScaler Gateway 10.1', 'Citrix NetScaler Gateway 12.0', 'Citrix NetScaler Gateway 11.1', 'Citrix NetScaler Gateway 11.0', 'Citrix NetScaler Gateway 10.5e', 'Citrix NetScaler Gateway 10.5', 'Citrix NetScaler ADC 12.0', 'Citrix NetScaler ADC 11.1', 'Citrix NetScaler ADC 11.0', 'Citrix NetScaler ADC 10.5e', 'Citrix NetScaler ADC 10.5', 'Citrix NetScaler ADC 10.1'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "100980"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2017-14602",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14602"
}
},
"description": "Citrix NetScaler ADC\u662f\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u5668\uff0c\u53ef\u4ee5\u4f18\u5316\u4f01\u4e1a\u670d\u52a1\u4ea4\u4ed8\u3002\r\n\r\nCitrix NetScaler ADC/NetScaler Gateway\u7ba1\u7406\u63a5\u53e3\u8eab\u4efd\u9a8c\u8bc1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7684\u8bf7\u6c42\uff0c\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u672a\u6388\u6743\u8bbf\u95ee\u3002",
"discovererName": "Frank Gifford of NCC Group",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://www.citrix.com/downloads/netscaler-adc/https://www.citrix.com/downloads/netscaler-gateway/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-33269",
"openTime": "2017-11-09",
"patchDescription": "Citrix NetScaler ADC\u662f\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u5668\uff0c\u53ef\u4ee5\u4f18\u5316\u4f01\u4e1a\u670d\u52a1\u4ea4\u4ed8\u3002\r\n\r\nCitrix NetScaler ADC/NetScaler Gateway\u7ba1\u7406\u63a5\u53e3\u8eab\u4efd\u9a8c\u8bc1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7684\u8bf7\u6c42\uff0c\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u672a\u6388\u6743\u8bbf\u95ee\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Citrix NetScaler ADC/NetScaler Gateway\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Citrix NetScaler Gateway 10.1",
"Citrix NetScaler Gateway 12.0",
"Citrix NetScaler Gateway 11.1",
"Citrix NetScaler Gateway 11.0",
"Citrix NetScaler Gateway 10.5e",
"Citrix NetScaler Gateway 10.5",
"Citrix NetScaler ADC 12.0",
"Citrix NetScaler ADC 11.1",
"Citrix NetScaler ADC 11.0",
"Citrix NetScaler ADC 10.5e",
"Citrix NetScaler ADC 10.5",
"Citrix NetScaler ADC 10.1"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-14602",
"serverity": "\u9ad8",
"submitTime": "2017-09-28",
"title": "Citrix NetScaler ADC/NetScaler Gateway\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…