Vulnerability Description
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Netscaler Access Gateway Firmware | <= 8.1 |
| Citrix | Netscaler Access Gateway | - |
Related Weaknesses (CWE)
References
- http://support.citrix.com/article/CTX118770Broken LinkVendor Advisory
- http://www.securityfocus.com/bid/35422Broken LinkThird Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2009/1641Permissions Required
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51274Third Party AdvisoryVDB Entry
- http://support.citrix.com/article/CTX118770Broken LinkVendor Advisory
- http://www.securityfocus.com/bid/35422Broken LinkThird Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2009/1641Permissions Required
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51274Third Party AdvisoryVDB Entry
FAQ
What is CVE-2009-2213?
CVE-2009-2213 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Author...
How severe is CVE-2009-2213?
CVE-2009-2213 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2213?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Netscaler Access Gateway Firmware, Citrix Netscaler Access Gateway.