CVE-2009-2213

EUVD-2009-2209
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
citrixnetscaler_access_gateway_firmware
𝑥
≤ 8.1
citrixnetscaler_access_gateway_firmware
7.0
citrixnetscaler_access_gateway_firmware
8.0
citrixnetscaler_access_gateway_firmware
9.0
citrixnetscaler_access_gateway
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.citrix.com/article/CTX118770
http://www.securityfocus.com/bid/35422
http://www.vupen.com/english/advisories/2009/1641
https://exchange.xforce.ibmcloud.com/vulnerabilities/51274
http://support.citrix.com/article/CTX118770
http://www.securityfocus.com/bid/35422
http://www.vupen.com/english/advisories/2009/1641
https://exchange.xforce.ibmcloud.com/vulnerabilities/51274