Published: 14/01/2011 Updated: 22/09/2011

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 940

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and previous versions, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows malicious users to execute arbitrary commands via shell metacharacters in the password field.

Vulnerable Product	Search on Vulmon	Subscribe to Product
citrix access gateway 9.1-104.5
citrix access gateway 8.1-69.4
citrix access gateway 9.0.71.3
citrix access gateway 8.0
citrix access gateway
citrix access gateway .8.0
citrix access gateway 4.5.5
citrix access gateway 4.5.6
citrix access gateway 4.6.2
citrix access gateway 4.6.3
citrix access gateway 4.5.7
citrix access gateway 4.5
citrix access gateway 4.6.1

Citrix Access Gateway Command Injection Enterprise Edition up to 92-498 and Standard and Advanced Editions prior to 50 suffer from a remote command injection vulnerability ...

## # $Id: citrix_access_gateway_execrb 11873 2011-03-03 20:51:12Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/ ...

NVD-CWE-noinfo http://support.citrix.com/article/CTX127613 http://www.securitytracker.com/id?1024893 http://www.osvdb.org/70099 http://www.exploit-db.com/exploits/16916 http://www.vsecurity.com/resources/advisory/20101221-1 http://securityreason.com/securityalert/8119 https://nvd.nist.gov https://packetstormsecurity.com/files/96880/Citrix-Access-Gateway-Command-Injection.html https://www.exploit-db.com/exploits/15806/

CVE-2010-4566

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect