CVE-2013-6942 — Cross-Site Request Forgery in Citrix Netscaler Application Delivery Controller Firmware

CWE-352 — Cross-Site Request Forgery4 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 68.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Netscaler Application Delivery Controller Firmware Citrix ADM Citrix Hypervisor +6 more

Timeline

PublishedMar 11

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages9 packages

▶NVDcitrix/netscaler_application_delivery_controller_firmware4 versions+3

▶citrixcitrix/netscaler_adc

▶citrixcitrix/netscaler_gateway

▶citrixcitrix/netscaler_adc_gateway

▶citrixcitrix/xenserver

🔴Vulnerability Details

GHSA

GHSA-7pxr-j7mv-7cq3: Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9↗2022-05-17

▶

📋Vendor Advisories

Citrix

CVE-2013-6942: Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5↗2014-03-11

▶

Citrix

Citrix Security Bulletin CTX139049↗

▶