CVE-2010-4566

Currently unrated

Key Information:

Vendor: Citrix
Status: Access Gateway
Vendor: CVE Published:; 14 January 2011

Summary

The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.

References

http://www.securitytracker.com/id?1024893

vdb-entryx_refsource_SECTRACK

http://www.vsecurity.com/resources/advisory/20101221-1

x_refsource_MISC

http://support.citrix.com/article/CTX127613

x_refsource_CONFIRM

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 14, 2011
Vulnerability Reserved
Dec 20, 2010

Collectors

NVD DatabaseMitre Database