CVE-2017-14602 — Improper Authentication in Citrix Application Delivery Controller Firmware

CWE-287 — Improper Authentication5 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.4%

top 39.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Application Delivery Controller Firmware Citrix Netscaler Gateway Firmware Citrix ADM +7 more

Timeline

PublishedSep 26

Latest updateMay 13

Description

A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages10 packages

▶citrixcitrix/netscaler_gateway

▶citrixcitrix/netscaler_adc_gateway

▶NVDcitrix/netscaler_gateway_firmware6 versions+5

▶citrixcitrix/netscaler_adc

▶NVDcitrix/application_delivery_controller_firmware6 versions+5

Patches

Patch: support.citrix.com ↗Patch: support.citrix.com ↗

🔴Vulnerability Details

GHSA

GHSA-m34h-9xmf-w4xr: A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10↗2022-05-13

▶

📋Vendor Advisories

Citrix

CVE-2017-14602: A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 b↗2017-09-26

▶

Citrix

Citrix Security Bulletin CTX227928↗

▶

Citrix

Citrix Security Bulletin CTX228091↗

▶