Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-4566Citrix Access Gateway vulnerability

7 documents5 sources
Severity
9.3CRITICALNVD
EPSS
71.8%
top 1.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
8
Citrix Access GatewayCitrix ADMCitrix Hypervisor+5 more
Timeline
PublishedJan 14
Latest updateMay 17

Description

The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages8 packages

NVDcitrix/access_gateway9.2-49.8+12

🔴Vulnerability Details

1
GHSA
GHSA-9p2p-8259-272j: The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 92022-05-17

💥Exploits & PoCs

3
Exploit-DB
Citrix Access Gateway - Command Execution (Metasploit)2011-03-03
Exploit-DB
Citrix Access Gateway - Command Injection2010-12-22
Metasploit
Citrix Access Gateway Command Execution

📋Vendor Advisories

2
Citrix
CVE-2010-4566: The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authent2011-01-14
Citrix
Citrix Security Bulletin CTX127613