CVE-2013-6943 — Code Injection in Citrix Netscaler Application Delivery Controller Firmware

CWE-94 — Code Injection4 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 47.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Netscaler Application Delivery Controller Firmware Citrix ADM Citrix Hypervisor +6 more

Timeline

PublishedMar 11

Latest updateMay 17

Description

Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors related to SSH and Web management usernames.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages9 packages

▶NVDcitrix/netscaler_application_delivery_controller_firmware4 versions+3

▶citrixcitrix/netscaler_adc

▶citrixcitrix/netscaler_gateway

▶citrixcitrix/endpoint_management

▶citrixcitrix/netscaler_adc_gateway

🔴Vulnerability Details

GHSA

GHSA-gfxq-2465-pcwr: Citrix NetScaler Application Delivery Controller (ADC) 9↗2022-05-17

▶

📋Vendor Advisories

Citrix

CVE-2013-6943: Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attacker↗2014-03-11

▶

Citrix

Citrix Security Bulletin CTX139049↗

▶