Lucene search

[email protected]CVE-2019-18225

HistoryOct 21, 2019 - 6:15 p.m.

CVE-2019-18225

2019-10-2118:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

citrix

adc

gateway

authentication bypass

cve-2019-18225

netscaler

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.8%

JSON

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.

CPENameOperatorVersion
citrix:application_delivery_controller_firmwarecitrix application delivery controller firmwareeq10.5
citrix:application_delivery_controller_firmwarecitrix application delivery controller firmwareeq11.1
citrix:application_delivery_controller_firmwarecitrix application delivery controller firmwareeq12.0
citrix:application_delivery_controller_firmwarecitrix application delivery controller firmwareeq12.1
citrix:application_delivery_controller_firmwarecitrix application delivery controller firmwareeq13.0
citrix:netscaler_gateway_firmwarecitrix netscaler gateway firmwareeq10.5
citrix:netscaler_gateway_firmwarecitrix netscaler gateway firmwareeq11.1
citrix:netscaler_gateway_firmwarecitrix netscaler gateway firmwareeq12.0
citrix:netscaler_gateway_firmwarecitrix netscaler gateway firmwareeq12.1
citrix:gateway_firmwarecitrix gateway firmwareeq13.0

CPE	Name	Operator	Version
citrix:application_delivery_controller_firmware	citrix application delivery controller firmware	eq	10.5
citrix:application_delivery_controller_firmware	citrix application delivery controller firmware	eq	11.1
citrix:application_delivery_controller_firmware	citrix application delivery controller firmware	eq	12.0
citrix:application_delivery_controller_firmware	citrix application delivery controller firmware	eq	12.1
citrix:application_delivery_controller_firmware	citrix application delivery controller firmware	eq	13.0
citrix:netscaler_gateway_firmware	citrix netscaler gateway firmware	eq	10.5
citrix:netscaler_gateway_firmware	citrix netscaler gateway firmware	eq	11.1
citrix:netscaler_gateway_firmware	citrix netscaler gateway firmware	eq	12.0
citrix:netscaler_gateway_firmware	citrix netscaler gateway firmware	eq	12.1
citrix:gateway_firmware	citrix gateway firmware	eq	13.0

References

support.citrix.com/article/CTX261055

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.8%

JSON

Related for CVE-2019-18225

citrix1 symantec1 prion1 cvelist1 nessus1