CVE-2007-3679 — Citrix Access Gateway vulnerability

8 documents3 sources

Severity

9.3CRITICALNVD

NVD4.3

EPSS

1.2%

top 21.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Access Gateway Citrix ADM Citrix Hypervisor +5 more

Timeline

PublishedJul 25

Latest updateMay 1

Description

The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages8 packages

▶NVDcitrix/access_gateway4.5+1

▶citrixcitrix/netscaler_gateway

▶citrixcitrix/endpoint_management

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adm

Patches

Patch: secunia.com ↗Patch: support.citrix.com ↗Patch: support.citrix.com ↗

🔴Vulnerability Details

GHSA

GHSA-jr23-4p9p-9p44: The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4↗2022-05-01

▶

GHSA

GHSA-7hh7-mhm5-pgp7: Multiple unspecified vulnerabilities in (1) Net6Helper↗2022-05-01

▶

📋Vendor Advisories

Citrix

CVE-2007-4013: Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis↗2007-07-26

▶

Citrix

CVE-2007-3679: The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Sta↗2007-07-25

▶

Citrix

Citrix Security Bulletin CTX113815↗

▶

Citrix

Citrix Security Bulletin CTX114028↗

▶