CVE-2010-4566

critical

Description

The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.

References

http://www.vsecurity.com/resources/advisory/20101221-1

http://www.securitytracker.com/id?1024893

http://www.osvdb.org/70099

http://www.exploit-db.com/exploits/16916

http://support.citrix.com/article/CTX127613

http://securityreason.com/securityalert/8119

Details

Source: Mitre, NVD

Published: 2011-01-14

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.27795