CVE-2019-18225

{"id": "CVE-2019-18225", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-10-21T18:15:10.680", "references": [{"url": "https://support.citrix.com/article/CTX261055", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Citrix Application Delivery Controller (ADC) y Gateway versiones anteriores a 10.5 build 70.8, versiones 11.x anteriores a 11.1 build 63.9, versi\u00f3n 12.0 anterior a build 62.10, versi\u00f3n 12.1 anterior a build 54.16 y versi\u00f3n 13.0 anterior a build 41.28. Un atacante con acceso a la interfaz de administraci\u00f3n puede omitir la autenticaci\u00f3n para obtener acceso administrativo del dispositivo. Estos productos anteriormente usaron la marca NetScaler."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D56F2AAF-4658-484C-9A3A-D8A52BA5B10C"}, {"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CE9E655-0D97-4DCF-AC2F-79DCD12770E5"}, {"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49454F7D-77B5-46DF-B95C-312AF2E68EAD"}, {"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "201246D4-1E22-4F28-9683-D6A9FD0F7A6B"}, {"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3A50966-5554-4919-B6CE-BD8F6FF991D8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC"}, {"criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E"}, {"criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9F3ED0E-7F3D-477B-B645-77DA5FC7F502"}, {"criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58349F8E-3177-413A-9CBE-BB454DCD31E4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DEBB9B6A-1CAD-4D82-9B1E-939921986053"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:citrix:gateway_firmware:13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A80EAFB1-82DA-49BE-815D-D248624B442C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3EF98B43-71DB-4230-B7AC-76EC2B1F0533"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}