CVE-2008-2528

Current Description

Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors.

Basic Data

PublishedJune 03, 2008
Last ModifiedAugust 08, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-287
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationCitrixAccess Gateway*advancedhf2*****4.5
    2.3ApplicationCitrixAccess Gateway4.5.5*standard*****
    2.3ApplicationCitrixAccess Gateway4.5.6*standard*****
    2.3ApplicationCitrixAccess Gateway**standard*****4.5.7

Vulnerable Software List

VendorProductVersions
Citrix Access Gateway *, 4.5.5, 4.5.6

References

NameSourceURLTags
30175http://secunia.com/advisories/30175SECUNIAPATCH
http://support.citrix.com/article/CTX116930http://support.citrix.com/article/CTX116930CONFIRMPATCH
29174http://www.securityfocus.com/bid/29174BID
1020025http://www.securitytracker.com/id?1020025SECTRACK
ADV-2008-1474http://www.vupen.com/english/advisories/2008/1474/referencesVUPEN
citrix-access-unspecified-auth-bypass(42356)https://exchange.xforce.ibmcloud.com/vulnerabilities/42356XF