Citrix CTX200254
Oct 24, 2014 - 4:00 a.m.

CVE-2014-8580 - Authentication Flaw in Citrix NetScaler Application Delivery Controller and NetScaler Gateway Could Result in Unauthorised Access to Network Resources

2014-10-24 04:00:00
support.citrix.com
EPSS: 0.002 (percentile: 52.3%)

Description of Problem

An authentication flaw has been identified in certain configurations of Citrix NetScaler ADC and NetScaler Gateway that could allow an authenticated user to obtain unauthorised access to network resources for another authenticated user.

This flaw affects the following versions of Citrix NetScaler ADC and NetScaler Gateway:

  • Version 10.5.x between 10.5.50.10 and 10.5.51.10
  • Version 10.1.x between 10.1.122.17 and 10.1.128.8
  • Version 10.1.x “Enhanced” between 10.1-120.1316.e and 10.1-128.8003.e

This flaw has been assigned the following CVE number:

CVE-2014-8580: Authentication Flaw in Citrix NetScaler Application Delivery Controller and NetScaler Gateway Could Result in Unauthorised Access to Network Resources

Mitigating Factors

In default configurations of Citrix NetScaler ADC and NetScaler Gateway, the authentication flaw would not be exposed.

What Customers Should Do

This flaw has been addressed in the following versions:

  • Citrix NetScaler ADC and NetScaler Gateway 10.5-52.11 and later.
  • Citrix NetScaler ADC and NetScaler Gateway 10.1-129.11 and later.
  • Citrix NetScaler 10.1-129.1105.e and later.
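
An added example (not part of the Citrix advisory): a version-only triage of an appliance inventory against the affected and fixed builds listed above. The hostnames and sample inventory are constructed, the `classify` and `triage` helpers are hypothetical, and ordering builds numerically as (build, sub-build) pairs is an assumption; the check says nothing about whether a non-default configuration exposes the flaw.

```python
import re

# Build ranges copied from the advisory, keyed by (release train, "Enhanced" build?).
# Values: (first affected, last affected, first fixed) as (build, sub-build) pairs.
ADVISORY = {
    ("10.5", False): ((50, 10), (51, 10), (52, 11)),
    ("10.1", False): ((122, 17), (128, 8), (129, 11)),
    ("10.1", True): ((120, 1316), (128, 8003), (129, 1105)),
}

# Accepts both spellings the advisory uses (10.5.50.10 and 10.5-52.11), with optional ".e".
_VERSION = re.compile(r"^(\d+\.\d+)[.-](\d+)\.(\d+)(\.e)?$")

def classify(version):
    """Return 'affected', 'fixed' or 'outside-listed-ranges' for one build string."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    build = (int(m.group(2)), int(m.group(3)))
    entry = ADVISORY.get((m.group(1), m.group(4) is not None))
    if entry is None:
        return "outside-listed-ranges"
    first_affected, last_affected, first_fixed = entry
    # Assumption: builds order numerically as (build, sub-build) tuples.
    if first_affected <= build <= last_affected:
        return "affected"
    if build >= first_fixed:
        return "fixed"
    # Older than the range, or in the gap the advisory does not describe.
    return "outside-listed-ranges"

def triage(inventory):
    """Map each hostname to its classification; unparsable versions are flagged."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = "unparsed"
    return result

# Constructed inventory for illustration; hostnames are not from the advisory.
SAMPLE_INVENTORY = {
    "ns-gw-01.example.internal": "10.5-51.10",
    "ns-adc-02.example.internal": "10.1-129.11",
    "ns-adc-03.example.internal": "10.1-128.8003.e",
    "ns-adc-04.example.internal": "NS10.5",
}
```

Hosts reported as `outside-listed-ranges` or `unparsed` need a manual check against the advisory rather than being treated as safe.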

Citrix recommends that customers that are vulnerable to this issue upgrade to one of these versions. These upgrades can be obtained from the following locations:

NetScaler ADC Firmware

<https://www.citrix.com/downloads/netscaler-adc/firmware.html>

NetScaler ADC Virtual Appliance

<https://www.citrix.com/downloads/netscaler-adc/virtual-appliances.html>

NetScaler Gateway Product Software

<https://www.citrix.com/downloads/netscaler-gateway/product-software.html>

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <http://support.citrix.com/>.

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <https://www.citrix.com/support/open-a-support-case.html>.

Reporting Security Vulnerabilities

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix

Changelog

| Date | Change |
| --- | --- |
| November 5th 2014 | Initial publishing |
