Vulnerability Name: CVE-2017-14602 (CCN-132693)
Assigned: 2017-09-26
Published: 2017-09-26
Updated: 2019-10-03
Summary: A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance.
CVSS v3 Severity:
7.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): High
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): High
  Availability (A): None
CVSS v2 Severity:
9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): Single_Instance
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Complete
  Availability (A): None
Vulnerability Type: CWE-287
Vulnerability Consequences: Bypass Security
References:
Source: MITRE Type: CNA
  CVE-2017-14602
Source: BID Type: Third Party Advisory, VDB Entry
  100980
Source: CCN Type: BID-100980
  Citrix NetScaler ADC and NetScaler Gateway CVE-2017-14602 Authentication Bypass Vulnerability
Source: XF Type: UNKNOWN
  citrix-cve201714602-sec-bypass(132693)
Source: CCN Type: CTX227928
  Authentication Bypass Vulnerability in Citrix NetScaler ADC and NetScaler Gateway Management Interface
Source: CONFIRM Type: Mitigation, Patch, Vendor Advisory
  https://support.citrix.com/article/CTX227928
Source: CONFIRM Type: UNKNOWN
  https://support.citrix.com/article/CTX228091
Vulnerable Configuration:
Configuration 1:
  cpe:/o:citrix:application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*
  OR cpe:/o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*
  OR cpe:/o:citrix:application_delivery_controller_firmware:10.5e:*:*:*:*:*:*:*
  OR cpe:/o:citrix:application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*
  OR cpe:/o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*
  OR cpe:/o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*
  OR cpe:/o:citrix:netscaler_gateway_firmware:10.1:*:*:*:*:*:*:*
  OR cpe:/o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*
  OR cpe:/o:citrix:netscaler_gateway_firmware:10.5e:*:*:*:*:*:*:*
  OR cpe:/o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*
  OR cpe:/o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*
  OR cpe:/o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*
Configuration CCN 1:
  cpe:/a:citrix:netscaler_application_delivery_controller:10.1:*:*:*:*:*:*:*
  OR cpe:/a:citrix:netscaler_application_delivery_controller:10.5e:*:*:*:*:*:*:*
  OR cpe:/a:citrix:netscaler_application_delivery_controller:10.5:*:*:*:*:*:*:*
  OR cpe:/a:citrix:netscaler_application_delivery_controller:11.0:*:*:*:*:*:*:*
  OR cpe:/a:citrix:netscaler_application_delivery_controller:11.1:*:*:*:*:*:*:*
  OR cpe:/a:citrix:netscaler_application_delivery_controller:12.0:*:*:*:*:*:*:*
  OR cpe:/o:citrix:netscaler_gateway_firmware:10.1:*:*:*:*:*:*:*
  OR cpe:/o:citrix:netscaler_gateway_firmware:10.5e:*:*:*:*:*:*:*
  OR cpe:/o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*
  OR cpe:/o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*
  OR cpe:/o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*
  OR cpe:/o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*
citrix application delivery controller firmware 10.1
citrix application delivery controller firmware 10.5
citrix application delivery controller firmware 10.5e
citrix application delivery controller firmware 11.0
citrix application delivery controller firmware 11.1
citrix application delivery controller firmware 12.0
citrix netscaler gateway firmware 10.1
citrix netscaler gateway firmware 10.5
citrix netscaler gateway firmware 10.5e
citrix netscaler gateway firmware 11.0
citrix netscaler gateway firmware 11.1
citrix netscaler gateway firmware 12.0
citrix netscaler application delivery controller 10.1
citrix netscaler application delivery controller 10.5e
citrix netscaler application delivery controller 10.5
citrix netscaler application delivery controller 11.0
citrix netscaler application delivery controller 11.1
citrix netscaler application delivery controller 12.0
citrix netscaler gateway 10.1
citrix netscaler gateway 10.5e
citrix netscaler gateway 10.5
citrix netscaler gateway 11.0
citrix netscaler gateway 11.1
citrix netscaler gateway 12.0