var-201905-0568
Vulnerability from variot
A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
The following versions of Citrix ADC and Citrix NetScaler Gateway are affected:
- 10.5.x prior to 10.5.70
- 11.1.x prior to 11.1.59.10
- 12.0.x prior to 12.0.59.8
- 12.1.x prior to 12.1.49.23
Citrix Systems NetScaler Gateway is a secure remote access solution. This solution provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location. The product has features such as application delivery control and load balancing. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0568", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "netscaler application delivery controller", "scope": "gte", "trust": 1.0, "vendor": "citrix", "version": "10.5.0" }, { "model": "netscaler application delivery controller", "scope": "gte", "trust": 1.0, "vendor": "citrix", "version": "11.1.0" }, { "model": 
"netscaler gateway", "scope": "lt", "trust": 1.0, "vendor": "citrix", "version": "11.1.59.10" }, { "model": "netscaler gateway", "scope": "gte", "trust": 1.0, "vendor": "citrix", "version": "11.1.0" }, { "model": "netscaler gateway", "scope": "gte", "trust": 1.0, "vendor": "citrix", "version": "10.5.0" }, { "model": "netscaler application delivery controller", "scope": "lt", "trust": 1.0, "vendor": "citrix", "version": "11.1.59.10" }, { "model": "netscaler application delivery controller", "scope": "lt", "trust": 1.0, "vendor": "citrix", "version": "12.1.49.23" }, { "model": "netscaler gateway", "scope": "lt", "trust": 1.0, "vendor": "citrix", "version": "12.1.49.23" }, { "model": "netscaler application delivery controller", "scope": "gte", "trust": 1.0, "vendor": "citrix", "version": "12.0.0" }, { "model": "netscaler gateway", "scope": "lt", "trust": 1.0, "vendor": "citrix", "version": "10.5.70" }, { "model": "netscaler application delivery controller", "scope": "lt", "trust": 1.0, "vendor": "citrix", "version": "12.0.59.8" }, { "model": "netscaler gateway", "scope": "gte", "trust": 1.0, "vendor": "citrix", "version": "12.0.0" }, { "model": "netscaler application delivery controller", "scope": "lt", "trust": 1.0, "vendor": "citrix", "version": "10.5.70" }, { "model": "netscaler gateway", "scope": "lt", "trust": 1.0, "vendor": "citrix", "version": "12.0.59.8" }, { "model": "netscaler gateway", "scope": "gte", "trust": 1.0, "vendor": "citrix", "version": "12.1.0" }, { "model": "netscaler application delivery controller", "scope": "gte", "trust": 1.0, "vendor": "citrix", "version": "12.1.0" }, { "model": "netscaler application delivery controller", "scope": null, "trust": 0.8, "vendor": "citrix", "version": null }, { "model": "netscaler gateway", "scope": null, "trust": 0.8, "vendor": "citrix", "version": null }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "12.1" }, { "model": "netscaler gateway", "scope": "eq", 
"trust": 0.3, "vendor": "citrix", "version": "12.0" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "11.1" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "10.5" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "12.1" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "12.0" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "11.1" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "10.5" }, { "model": "netscaler gateway", "scope": "ne", "trust": 0.3, "vendor": "citrix", "version": "10.5.70" }, { "model": "netscaler gateway", "scope": "ne", "trust": 0.3, "vendor": "citrix", "version": "11.1.59.10" }, { "model": "netscaler application delivery controller", "scope": "ne", "trust": 0.3, "vendor": "citrix", "version": "10.5.70" }, { "model": "netscaler application delivery controller", "scope": "ne", "trust": 0.3, "vendor": "citrix", "version": "12.1.49.23" }, { "model": "netscaler application delivery controller", "scope": "ne", "trust": 0.3, "vendor": "citrix", "version": "12.0.59.8" }, { "model": "netscaler application delivery controller", "scope": "ne", "trust": 0.3, "vendor": "citrix", "version": "11.1.59.10" }, { "model": "netscaler gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "12.1.49.23" }, { "model": "netscaler gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "12.0.59.8" } ], "sources": [ { "db": "BID", "id": "108343" }, { "db": "JVNDB", "id": "JVNDB-2019-004828" }, { "db": "NVD", "id": "CVE-2019-12044" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { 
"@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:citrix:netscaler_application_delivery_controller_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:citrix:netscaler_gateway_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-004828" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Citrix", "sources": [ { "db": "BID", "id": "108343" }, { "db": "CNNVD", "id": "CNNVD-201905-444" } ], "trust": 0.9 }, "cve": "CVE-2019-12044", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2019-12044", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", 
"baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-143751", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-12044", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-12044", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-12044", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201905-444", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-143751", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-143751" }, { "db": "JVNDB", "id": "JVNDB-2019-004828" }, { "db": "CNNVD", "id": "CNNVD-201905-444" }, { "db": "NVD", "id": "CVE-2019-12044" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. 
\nThe following versions of Citrix ADC and Citrix NetScaler Gateway are affected:\n10.5.x prior to 10.5.70\n11.1.x prior to 11.1.59.10\n12.0.x prior to 12.0.59.8\n12.1.x prior to 12.1.49.23. Citrix Systems NetScaler Gateway is a secure remote access solution. This solution provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location. The product has features such as application delivery control and load balancing. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc", "sources": [ { "db": "NVD", "id": "CVE-2019-12044" }, { "db": "JVNDB", "id": "JVNDB-2019-004828" }, { "db": "BID", "id": "108343" }, { "db": "VULHUB", "id": "VHN-143751" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-12044", "trust": 2.8 }, { "db": "BID", "id": "108343", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2019-004828", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201905-444", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1688", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-143751", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-143751" }, { "db": "BID", "id": "108343" }, { "db": "JVNDB", "id": "JVNDB-2019-004828" }, { "db": "CNNVD", "id": "CNNVD-201905-444" }, { "db": "NVD", "id": "CVE-2019-12044" } ] }, "id": "VAR-201905-0568", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-143751" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:37:52.485000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CTX249976", "trust": 0.8, "url": "https://support.citrix.com/article/CTX249976" }, { "title": "Search", "trust": 0.8, "url": "https://support.citrix.com/search/#/All%20Products?ct=All%20types\u0026searchText=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=Security+Bulletin\u0026sortBy=Relevance" }, { "title": "CitrixADC and Citrix NetScaler Gateway Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92602" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-004828" }, { "db": "CNNVD", "id": "CNNVD-201905-444" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-143751" }, { "db": "JVNDB", "id": "JVNDB-2019-004828" }, { "db": "NVD", "id": "CVE-2019-12044" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://support.citrix.com/article/ctx249976" }, { "trust": 1.6, "url": "https://support.citrix.com/v1/search?searchquery=%22%22\u0026lang=en\u0026sort=cr_date_desc\u0026prod=\u0026pver=\u0026ct=security+bulletin" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12044" }, { "trust": 1.2, "url": 
"http://www.securityfocus.com/bid/108343" }, { "trust": 0.9, "url": "http://www.citrix.com/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12044" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/80798" }, { "trust": 0.1, "url": "https://support.citrix.com/v1/search?searchquery=%22%22\u0026amp;lang=en\u0026amp;sort=cr_date_desc\u0026amp;prod=\u0026amp;pver=\u0026amp;ct=security+bulletin" } ], "sources": [ { "db": "VULHUB", "id": "VHN-143751" }, { "db": "BID", "id": "108343" }, { "db": "JVNDB", "id": "JVNDB-2019-004828" }, { "db": "CNNVD", "id": "CNNVD-201905-444" }, { "db": "NVD", "id": "CVE-2019-12044" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-143751" }, { "db": "BID", "id": "108343" }, { "db": "JVNDB", "id": "JVNDB-2019-004828" }, { "db": "CNNVD", "id": "CNNVD-201905-444" }, { "db": "NVD", "id": "CVE-2019-12044" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-22T00:00:00", "db": "VULHUB", "id": "VHN-143751" }, { "date": "2019-05-13T00:00:00", "db": "BID", "id": "108343" }, { "date": "2019-06-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-004828" }, { "date": "2019-05-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-444" }, { "date": "2019-05-22T16:29:01.243000", "db": "NVD", "id": "CVE-2019-12044" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-24T00:00:00", "db": "VULHUB", "id": "VHN-143751" }, { "date": "2019-05-13T00:00:00", "db": "BID", "id": "108343" }, { "date": "2019-06-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-004828" }, { "date": "2019-05-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-444" }, { "date": 
"2024-11-21T04:22:09.690000", "db": "NVD", "id": "CVE-2019-12044" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-444" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Citrix NetScaler Gateway and Application Delivery Controller Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-004828" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-444" } ], "trust": 0.6 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.