Description
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
References (4)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51274 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_xf)
http://www.securityfocus.com/bid/35422 (Broken Link, Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
http://www.vupen.com/english/advisories/2009/1641 (Permissions Required; vdb-entry, x_refsource_vupen)
http://support.citrix.com/article/CTX118770 (Broken Link, Vendor Advisory; x_refsource_confirm)
Scores
CVSS v3: 6.5
EPSS: 0.0035
EPSS Percentile: 57.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-863
Status: published
Products (5)
citrix/netscaler_access_gateway
citrix/netscaler_access_gateway_firmware 7.0
citrix/netscaler_access_gateway_firmware 8.0
citrix/netscaler_access_gateway_firmware 9.0
citrix/netscaler_access_gateway_firmware < 8.1
Published: Jun 25, 2009
Tracked Since: Feb 18, 2026