Citrix NetScaler Application Delivery Controller Multiple Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote device is affected by multiple vulnerabilities.

Description :

The remote Citrix NetScaler version is affected by multiple
vulnerabilities :

- A denial of service vulnerability in the VM Virtual
Machine Daemon. Please note that this particular
vulnerability does not apply to Citrix NetScaler 10.1.
(CVE-2013-6938)

- A denial of service vulnerability in the Application
Delivery Controller RADIUS authentication.
(CVE-2013-6939)

- An authenticated denial of service in the SNMP
daemon. (CVE-2012-2142)

- An unspecified authentication disclosure in the
Application Delivery Controller. (CVE-2013-6940)

- An unspecified shell breakout in the Application
Delivery Controller firmware. (CVE-2013-6941)

- An unspecified LDAP username injection vulnerability
in the Application Delivery Controller.
(CVE-2013-6943)

- A cross-site scripting vulnerability in the AAA TM
vServer user interface. (CVE-2013-6944)

See also :

http://support.citrix.com/article/CTX139049
http://support.citrix.com/article/CTX140113

Solution :

Upgrade to Citrix NetScaler 10.1-118.7 / 10.0-77.5 / 9.3-64.4 or
later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false