CVE-2014-8580 — Citrix Netscaler Application Delivery Controller Firmware vulnerability

CWE-2644 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.3%

top 51.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Netscaler Application Delivery Controller Firmware Citrix Netscaler Gateway Firmware Citrix Application Delivery Controller +5 more

Timeline

PublishedNov 7

Latest updateMay 17

Description

Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources" of other users via unknown vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 6.8 | Impact: 4.9

Affected Packages8 packages

▶NVDcitrix/netscaler_application_delivery_controller_firmware12 versions+11

▶citrixcitrix/netscaler_gateway

▶citrixcitrix/netscaler_adc_gateway

▶NVDcitrix/netscaler_gateway_firmware12 versions+11

▶citrixcitrix/application_delivery_controller

Patches

Patch: support.citrix.com ↗Patch: support.citrix.com ↗

🔴Vulnerability Details

GHSA

GHSA-xxmm-334r-gmx7: Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10↗2022-05-17

▶

📋Vendor Advisories

Citrix

CVE-2014-8580: Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316↗2014-11-07

▶

Citrix

CVE-2014-8580 - Authentication Flaw in Citrix NetScaler Application Delivery Controller and NetScaler Gateway Could Result in Unauthorised Access to Network Resources↗

▶