CVE-2010-4566
Citrix Access Gateway <5.0 - Command Injection
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/16916
exploitdb
WRITEUP
VERIFIED
by George D. Gal · text · remote · linux
https://www.exploit-db.com/exploits/15806
metasploit
WORKING POC
EXCELLENT
by George D. Gal, Erwin Paternotte · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/citrix_access_gateway_exec.rb
References (6)
Scores
EPSS: 0.7185
EPSS Percentile: 98.7%
Details
Status: published
Products (13)
citrix/access_gateway .8.0 m50.3
citrix/access_gateway 8.0 m48.7 (3 CPE variants)
citrix/access_gateway 8.1-69.4
citrix/access_gateway 9.0.71.3
citrix/access_gateway 9.1-104.5
citrix/access_gateway 4.5 (4 CPE variants)
citrix/access_gateway 4.5.5
citrix/access_gateway 4.5.6
citrix/access_gateway 4.5.7
citrix/access_gateway 4.6.1
... and 3 more
Published: Jan 14, 2011
Tracked Since: Feb 18, 2026