Vulnerability Description
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Access Gateway | <= 9.2-49.8 |
References
- http://securityreason.com/securityalert/8119
- http://support.citrix.com/article/CTX127613 (Vendor Advisory)
- http://www.exploit-db.com/exploits/16916
- http://www.osvdb.org/70099
- http://www.securitytracker.com/id?1024893
- http://www.vsecurity.com/resources/advisory/20101221-1
FAQ
What is CVE-2010-4566?
CVE-2010-4566 is a vulnerability with a CVSS score of 9.3 (HIGH). The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and A...
How severe is CVE-2010-4566?
CVE-2010-4566 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-4566?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Access Gateway.