Security Configuration Flaw in Citrix NetScaler Access Gateway Appliance
CVE-2009-2213

6.5MEDIUM

Key Information:

Vendor
Citrix
Status
Netscaler Access Gateway Firmware
Netscaler Access Gateway
Vendor
CVE Published:
25 June 2009

Summary

A security configuration issue exists within the Citrix NetScaler Access Gateway Appliance, particularly in the default settings for the Security global settings. The default configuration permits the 'Allow' option for the Default Authorization Action, which may let remote authenticated users bypass access restrictions, potentially compromising sensitive data and the integrity of the network. Users are urged to review and modify their settings to prevent unauthorized access.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/51274
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/35422
vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2009/1641
vdb-entryx_refsource_VUPEN

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.