Vulnerability Details : CVE-2010-4566
Public exploit exists!
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.
Exploit prediction scoring system (EPSS) score for CVE-2010-4566
Probability of exploitation activity in the next 30 days: 8.64%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 %
Metasploit modules for CVE-2010-4566
- Citrix Access Gateway Command Execution
  Disclosure Date: 2010-12-21
  First seen: 2020-04-26
  Module: exploit/unix/webapp/citrix_access_gateway_exec
  The Citrix Access Gateway provides support for multiple authentication types. When utilizing the external legacy NTLM authentication module known as ntlm_authenticator the Access Gateway spawns the Samba 'samedit' command line utility to verify a user's identity an
CVSS scores for CVE-2010-4566
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
References for CVE-2010-4566
- http://www.vsecurity.com/resources/advisory/20101221-1
  VSR | 404 Not Found
- http://securityreason.com/securityalert/8119
  Citrix Access Gateway Command Execution - CXSecurity.com
- http://www.securitytracker.com/id?1024893
  Citrix Access Gateway Flaw in Legacy NT Authentication Component Lets Remote Users Inject Commands - SecurityTracker
- http://www.exploit-db.com/exploits/16916
  Citrix Access Gateway - Command Execution (Metasploit) - Linux remote Exploit
- http://support.citrix.com/article/CTX127613
  Vulnerability in Citrix Access Gateway legacy authentication support could result in command injection (Vendor Advisory)
Products affected by CVE-2010-4566
- cpe:2.3:a:citrix:access_gateway:*:*:enterprise:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:4.5:*:advanced:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:4.5:*:standard:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:4.5.5:*:standard:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:4.5.6:*:standard:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:9.1-104.5:*:enterprise:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:8.1-69.4:*:enterprise:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:9.0.71.3:*:enterprise:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:8.0:m59.1:enterprise:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:8.0:m48.7:enterprise:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:.8.0:m50.3:enterprise:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:8.0:m49.2:enterprise:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:4.6.2:*:standard:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:4.6.3:*:standard:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:4.5.7:*:standard:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:4.5:hf1:*:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:4.6.1:*:standard:*:*:*:*:*
- cpe:2.3:a:citrix:access_gateway:4.5:hf1:advanced:*:*:*:*:*