CVE-2011-2883: Improper Input Validation in Citrix Access Gateway

Severity
9.3 CRITICAL (NVD)
EPSS
0.4%
top 41.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 21
Latest update: May 17

Description

The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages: 1 package

NVD: citrix/access_gateway 8.1, 9.0, 9.1 +2

🔴 Vulnerability Details (1)

GHSA
GHSA-h237-vcw4-4cvv: The NSEPA | 2022-05-17

📋 Vendor Advisories (1)

Citrix
CVE-2011-2883: The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 befor | 2011-07-21