cnvd - cnvd-2019-37880

cnvd-2019-37880

Vulnerability from cnvd

Title: Citrix Systems NetScaler Gateway和Citrix Application Delivery Controller授权问题漏洞

Description:

Citrix Systems NetScaler Gateway（Citrix Systems Gateway）和Citrix Application Delivery Controller（ADC）都是美国思杰系统（Citrix Systems）公司的产品。Citrix Systems NetScaler Gateway是一套安全的远程接入解决方案。该方案可为管理员提供应用级和数据级管控功能，以实现用户从任何地点远程访问应用和数据。Citrix Application Delivery Controller是一款应用交付控制器。该产品具有应用交付控制和负载均衡等功能。

Citrix Systems NetScaler Gateway和Citrix ADC中存在授权问题漏洞，攻击者可利用该漏洞绕过身份验证，获取设备的管理权限。

Severity: 高

Patch Name: Citrix Systems NetScaler Gateway和Citrix Application Delivery Controller授权问题漏洞的补丁

Patch Description:

Citrix Systems NetScaler Gateway和Citrix ADC中存在授权问题漏洞，攻击者可利用该漏洞绕过身份验证，获取设备的管理权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://support.citrix.com/article/CTX261055

Reference: https://support.citrix.com/article/CTX261055 https://nvd.nist.gov/vuln/detail/CVE-2019-18225

Impacted products

Name
['Citrix Systems NetScaler Application Delivery Controller（ADC） <10.5 build 70.8', 'Citrix Systems NetScaler Application Delivery Controller（ADC） 11.，<11.1 build 63.9', 'Citrix Systems NetScaler Application Delivery Controller（ADC） 12.0，<12.0 build 62.10', 'Citrix Systems NetScaler Application Delivery Controller（ADC） 12.1，<12.1 build 54.16', 'Citrix Systems NetScaler Application Delivery Controller（ADC） 13.0，<13.0 build 41.28', 'Citrix Systems NetScaler Gateway <10.5 build 70.8', 'Citrix Systems NetScaler Gateway 11.，<11.1 build 63.9', 'Citrix Systems NetScaler Gateway 12.0，<12.0 build 62.10', 'Citrix Systems NetScaler Gateway 12.1，<12.1 build 54.16', 'Citrix Systems NetScaler Gateway 13.0，<13.0 build 41.28']

Name

['Citrix Systems NetScaler Application Delivery Controller（ADC） <10.5 build 70.8', 'Citrix Systems NetScaler Application Delivery Controller（ADC） 11.*，<11.1 build 63.9', 'Citrix Systems NetScaler Application Delivery Controller（ADC） 12.0，<12.0 build 62.10', 'Citrix Systems NetScaler Application Delivery Controller（ADC） 12.1，<12.1 build 54.16', 'Citrix Systems NetScaler Application Delivery Controller（ADC） 13.0，<13.0 build 41.28', 'Citrix Systems NetScaler Gateway <10.5 build 70.8', 'Citrix Systems NetScaler Gateway 11.*，<11.1 build 63.9', 'Citrix Systems NetScaler Gateway 12.0，<12.0 build 62.10', 'Citrix Systems NetScaler Gateway 12.1，<12.1 build 54.16', 'Citrix Systems NetScaler Gateway 13.0，<13.0 build 41.28']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-18225"
    }
  },
  "description": "Citrix Systems NetScaler Gateway\uff08Citrix Systems Gateway\uff09\u548cCitrix Application Delivery Controller\uff08ADC\uff09\u90fd\u662f\u7f8e\u56fd\u601d\u6770\u7cfb\u7edf\uff08Citrix Systems\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Citrix Systems NetScaler Gateway\u662f\u4e00\u5957\u5b89\u5168\u7684\u8fdc\u7a0b\u63a5\u5165\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u53ef\u4e3a\u7ba1\u7406\u5458\u63d0\u4f9b\u5e94\u7528\u7ea7\u548c\u6570\u636e\u7ea7\u7ba1\u63a7\u529f\u80fd\uff0c\u4ee5\u5b9e\u73b0\u7528\u6237\u4ece\u4efb\u4f55\u5730\u70b9\u8fdc\u7a0b\u8bbf\u95ee\u5e94\u7528\u548c\u6570\u636e\u3002Citrix Application Delivery Controller\u662f\u4e00\u6b3e\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u5668\u3002\u8be5\u4ea7\u54c1\u5177\u6709\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u548c\u8d1f\u8f7d\u5747\u8861\u7b49\u529f\u80fd\u3002\n\nCitrix Systems NetScaler Gateway\u548cCitrix ADC\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u83b7\u53d6\u8bbe\u5907\u7684\u7ba1\u7406\u6743\u9650\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.citrix.com/article/CTX261055",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-37880",
  "openTime": "2019-10-29",
  "patchDescription": "Citrix Systems NetScaler Gateway\uff08Citrix Systems Gateway\uff09\u548cCitrix Application Delivery Controller\uff08ADC\uff09\u90fd\u662f\u7f8e\u56fd\u601d\u6770\u7cfb\u7edf\uff08Citrix Systems\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Citrix Systems NetScaler Gateway\u662f\u4e00\u5957\u5b89\u5168\u7684\u8fdc\u7a0b\u63a5\u5165\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u53ef\u4e3a\u7ba1\u7406\u5458\u63d0\u4f9b\u5e94\u7528\u7ea7\u548c\u6570\u636e\u7ea7\u7ba1\u63a7\u529f\u80fd\uff0c\u4ee5\u5b9e\u73b0\u7528\u6237\u4ece\u4efb\u4f55\u5730\u70b9\u8fdc\u7a0b\u8bbf\u95ee\u5e94\u7528\u548c\u6570\u636e\u3002Citrix Application Delivery Controller\u662f\u4e00\u6b3e\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u5668\u3002\u8be5\u4ea7\u54c1\u5177\u6709\u5e94\u7528\u4ea4\u4ed8\u63a7\u5236\u548c\u8d1f\u8f7d\u5747\u8861\u7b49\u529f\u80fd\u3002\r\n\r\nCitrix Systems NetScaler Gateway\u548cCitrix ADC\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u83b7\u53d6\u8bbe\u5907\u7684\u7ba1\u7406\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Citrix Systems NetScaler Gateway\u548cCitrix Application Delivery Controller\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Citrix Systems NetScaler Application Delivery Controller\uff08ADC\uff09 \u003c10.5 build 70.8",
      "Citrix Systems NetScaler Application Delivery Controller\uff08ADC\uff09 11.*\uff0c\u003c11.1 build 63.9",
      "Citrix Systems NetScaler Application Delivery Controller\uff08ADC\uff09 12.0\uff0c\u003c12.0 build 62.10",
      "Citrix Systems NetScaler Application Delivery Controller\uff08ADC\uff09 12.1\uff0c\u003c12.1 build 54.16",
      "Citrix Systems NetScaler Application Delivery Controller\uff08ADC\uff09 13.0\uff0c\u003c13.0 build 41.28",
      "Citrix Systems NetScaler Gateway \u003c10.5 build 70.8",
      "Citrix Systems NetScaler Gateway 11.*\uff0c\u003c11.1 build 63.9",
      "Citrix Systems NetScaler Gateway 12.0\uff0c\u003c12.0 build 62.10",
      "Citrix Systems NetScaler Gateway 12.1\uff0c\u003c12.1 build 54.16",
      "Citrix Systems NetScaler Gateway 13.0\uff0c\u003c13.0 build 41.28"
    ]
  },
  "referenceLink": "https://support.citrix.com/article/CTX261055\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18225",
  "serverity": "\u9ad8",
  "submitTime": "2019-10-22",
  "title": "Citrix Systems NetScaler Gateway\u548cCitrix Application Delivery Controller\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2019-18225 (GCVE-0-2019-18225)

Vulnerability from cvelistv5

Published

2019-10-21 17:09

Modified

2024-08-05 01:47

Severity ?

CWE

Summary

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.

References

▼	URL	Tags
	https://support.citrix.com/article/CTX261055	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:47:14.102Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX261055"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-21T17:09:23",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.citrix.com/article/CTX261055"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18225",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/CTX261055",
              "refsource": "MISC",
              "url": "https://support.citrix.com/article/CTX261055"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18225",
    "datePublished": "2019-10-21T17:09:23",
    "dateReserved": "2019-10-21T00:00:00",
    "dateUpdated": "2024-08-05T01:47:14.102Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted