Citrix NetScaler Application Delivery Controller Multiple Vulnerabilities

critical Nessus Plugin ID 73205

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

The remote Citrix NetScaler version is affected by multiple vulnerabilities :

- A denial of service vulnerability in the VM Virtual Machine Daemon. Please note that this particular vulnerability does not apply to Citrix NetScaler 10.1.
(CVE-2013-6938)

- A denial of service vulnerability in the Application Delivery Controller RADIUS authentication.
(CVE-2013-6939)

- An authenticated denial of service in the SNMP daemon. (CVE-2012-2142)

- An unspecified authentication disclosure in the Application Delivery Controller. (CVE-2013-6940)

- An unspecified shell breakout in the Application Delivery Controller firmware. (CVE-2013-6941)

- An unspecified LDAP username injection vulnerability in the Application Delivery Controller.
(CVE-2013-6943)

- A cross-site scripting vulnerability in the AAA TM vServer user interface. (CVE-2013-6944)

Solution

Upgrade to Citrix NetScaler 10.1-118.7 / 10.0-77.5 / 9.3-64.4 or later.

See Also

https://support.citrix.com/article/CTX139049

https://support.citrix.com/article/CTX140113

Plugin Details

Severity: Critical

ID: 73205

File Name: citrix_netscaler_adc_multiple.nasl

Version: 1.6

Type: combined

Family: Misc.

Published: 3/26/2014

Updated: 11/15/2018

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:citrix:netscaler_application_delivery_controller_firmware

Required KB Items: Host/NetScaler/Detected

Exploit Ease: No known exploits are available

Patch Publication Date: 3/5/2014

Vulnerability Publication Date: 3/5/2014

Reference Information

CVE: CVE-2012-2141, CVE-2013-6938, CVE-2013-6939, CVE-2013-6940, CVE-2013-6941, CVE-2013-6942, CVE-2013-6943, CVE-2013-6944

BID: 53255, 66008, 66010, 66013, 66014, 66018, 66020, 66043

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990