CVE-2009-2213: Incorrect Authorization in Citrix NetScaler Access Gateway Firmware

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.3% (top 42.69%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jun 25
Latest update: May 2

Description

The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 9 packages

Vulnerability Details (1)

GHSA (2022-05-02): GHSA-mqmq-69c9-vm4c: The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9

Vendor Advisories (2)

Citrix (2009-06-25): CVE-2009-2213: The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1,
Citrix: Citrix Security Bulletin CTX118770

Framework References (4)

CWE: Incorrect Authorization
CWE: Improper Authorization
CWE: Improper Authentication
CWE: Missing Authorization