Detections
Analytics
Citrix NetScaler Application Delivery Controller Multiple Vulnerabilities
critical Nessus Plugin ID 73205
Language:
Synopsis
The remote device is affected by multiple vulnerabilities.Description
The remote Citrix NetScaler version is affected by multiple vulnerabilities :- A denial of service vulnerability in the VM Virtual Machine Daemon. Please note that this particular vulnerability does not apply to Citrix NetScaler 10.1.
(CVE-2013-6938)
- A denial of service vulnerability in the Application Delivery Controller RADIUS authentication.
(CVE-2013-6939)
- An authenticated denial of service in the SNMP daemon. (CVE-2012-2142)
- An unspecified authentication disclosure in the Application Delivery Controller. (CVE-2013-6940)
- An unspecified shell breakout in the Application Delivery Controller firmware. (CVE-2013-6941)
- An unspecified LDAP username injection vulnerability in the Application Delivery Controller.
(CVE-2013-6943)
- A cross-site scripting vulnerability in the AAA TM vServer user interface. (CVE-2013-6944)
Solution
Upgrade to Citrix NetScaler 10.1-118.7 / 10.0-77.5 / 9.3-64.4 or later.See Also
Plugin Details
Severity: Critical
ID: 73205
File Name: citrix_netscaler_adc_multiple.nasl
Version: 1.6
Type: combined
Family: Misc.
Published: 3/26/2014
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:citrix:netscaler_application_delivery_controller_firmware
Required KB Items: Host/NetScaler/Detected
Exploit Ease: No known exploits are available
Patch Publication Date: 3/5/2014
Vulnerability Publication Date: 3/5/2014
Reference Information
CVE: CVE-2012-2141, CVE-2013-6938, CVE-2013-6939, CVE-2013-6940, CVE-2013-6941, CVE-2013-6942, CVE-2013-6943, CVE-2013-6944