{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-12-14T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-01-21T10:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1024893", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024893"}, {"tags": ["x_refsource_MISC"], "url": "http://www.vsecurity.com/resources/advisory/20101221-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX127613"}, {"name": "8119", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8119"}, {"name": "70099", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/70099"}, {"name": "16916", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/16916"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4566", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1024893", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024893"}, {"name": "http://www.vsecurity.com/resources/advisory/20101221-1", "refsource": "MISC", "url": "http://www.vsecurity.com/resources/advisory/20101221-1"}, {"name": "http://support.citrix.com/article/CTX127613", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX127613"}, {"name": "8119", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8119"}, {"name": "70099", "refsource": "OSVDB", "url": "http://www.osvdb.org/70099"}, {"name": "16916", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/16916"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:51:17.236Z"}, "title": "CVE Program Container", "references": [{"name": "1024893", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1024893"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.vsecurity.com/resources/advisory/20101221-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.citrix.com/article/CTX127613"}, {"name": "8119", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8119"}, {"name": "70099", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/70099"}, {"name": "16916", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/16916"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4566", "datePublished": "2011-01-14T22:00:00.000Z", "dateReserved": "2010-12-20T00:00:00.000Z", "dateUpdated": "2024-08-07T03:51:17.236Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:access_gateway:*:*:enterprise:*:*:*:*:*", "matchCriteriaId": "9D5E4A81-EDA7-4C0D-A02D-A0785081392D", "versionEndIncluding": "9.2-49.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:.8.0:m50.3:enterprise:*:*:*:*:*", "matchCriteriaId": "4990990C-9647-4A31-894E-F43652FFF4AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:8.0:m48.7:enterprise:*:*:*:*:*", "matchCriteriaId": "1275E2DF-5D06-4CE3-BAB9-7F2AFEC2F5A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:8.0:m49.2:enterprise:*:*:*:*:*", "matchCriteriaId": "766AB736-FA79-4E70-A0F6-3C5D071A1AD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:8.0:m59.1:enterprise:*:*:*:*:*", "matchCriteriaId": "46ECBD0E-0873-4A82-AE09-46CA4A54C104", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:8.1-69.4:*:enterprise:*:*:*:*:*", "matchCriteriaId": "BA9F8079-0A27-47F3-AA20-376D53C3C2AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:9.0.71.3:*:enterprise:*:*:*:*:*", "matchCriteriaId": "8D430557-6BBA-45B9-8DB6-B72641EF6C69", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:9.1-104.5:*:enterprise:*:*:*:*:*", "matchCriteriaId": "398E63F4-F325-48FC-9BA2-4FBE5D15C3FE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:access_gateway:4.5:*:advanced:*:*:*:*:*", "matchCriteriaId": "E674A101-814E-4954-B344-663AF49FED35", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.5:*:standard:*:*:*:*:*", "matchCriteriaId": "C019102F-CED4-4911-9B02-8D88AF9796DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.5:hf1:*:*:*:*:*:*", "matchCriteriaId": "DCABF20E-43A8-494B-AB47-B2C73C497B51", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.5:hf1:advanced:*:*:*:*:*", "matchCriteriaId": "44665598-C710-4EED-ACCB-D5B69644D537", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.5.5:*:standard:*:*:*:*:*", "matchCriteriaId": "94618DF7-4882-4205-89F2-DD8B22BB9D9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.5.6:*:standard:*:*:*:*:*", "matchCriteriaId": "3EAEF2D7-EBE5-4B14-AE70-24B2C4770287", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.5.7:*:standard:*:*:*:*:*", "matchCriteriaId": "98CF7119-F625-4A4C-838A-216D05B2763D", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.6.1:*:standard:*:*:*:*:*", "matchCriteriaId": "2BBA9141-DD1E-40D8-835F-6B7290632747", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.6.2:*:standard:*:*:*:*:*", "matchCriteriaId": "C96FF50F-7498-4469-9DE2-F99717BAEC56", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:access_gateway:4.6.3:*:standard:*:*:*:*:*", "matchCriteriaId": "1BDE88C1-29B3-44F3-82AD-5FFD74656B3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente de autenticaci\u00f3n NT4 en Citrix Access Gateway Enterprise Edition v9.2-49.8 y anteriores, y el componente de autenticaci\u00f3n NTLM en \"Access Gateway Standard Edition\" y \"Access Gateway Advanced Edition\" antes de su versi\u00f3n v5.0, permite a atacantes eludir la autenticaci\u00f3n y, posiblemente, ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos."}], "id": "CVE-2010-4566", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-01-14T23:00:47.207", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8119"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://support.citrix.com/article/CTX127613"}, {"source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/16916"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/70099"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1024893"}, {"source": "cve@mitre.org", "url": "http://www.vsecurity.com/resources/advisory/20101221-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8119"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://support.citrix.com/article/CTX127613"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/16916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/70099"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1024893"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vsecurity.com/resources/advisory/20101221-1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}