CVE-2021-22920 - OpenCVE

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Citrix	Application Delivery Management Gateway

Configuration 1 [-]

OR	cpe:2.3:a:citrix:application_delivery_management:12.1-62.25:::::::*
	cpe:2.3:a:citrix:application_delivery_management:13.0-82.42:::::::*
	cpe:2.3:a:citrix:gateway:12.1-62.25:::::::*
	cpe:2.3:a:citrix:gateway:13.0-82.42:::::::*

No data.

References

Link	Providers
https://support.citrix.com/article/CTX319135

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2021-08-05T20:16:49

Updated: 2024-08-03T18:58:25.644Z

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-22920

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-08-05T21:15:11.083

Modified: 2021-08-13T14:26:49.893

Link: CVE-2021-22920

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Citrix ADC, Citrix Gateway", "vendor": "n/a", "versions": [{"status": "affected", "version": "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0"}, {"status": "affected", "version": "Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "Improper Access Control - Generic (CWE-284)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-05T20:16:49", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.citrix.com/article/CTX319135"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2021-22920", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Citrix ADC, Citrix Gateway", "version": {"version_data": [{"version_value": "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0"}, {"version_value": "Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Access Control - Generic (CWE-284)"}]}]}, "references": {"reference_data": [{"name": "https://support.citrix.com/article/CTX319135", "refsource": "MISC", "url": "https://support.citrix.com/article/CTX319135"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:58:25.644Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.citrix.com/article/CTX319135"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2021-22920", "datePublished": "2021-08-05T20:16:49", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:58:25.644Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:application_delivery_management:12.1-62.25:*:*:*:*:*:*:*", "matchCriteriaId": "DE311F5F-CD6A-4539-9941-B7F301BD29C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:application_delivery_management:13.0-82.42:*:*:*:*:*:*:*", "matchCriteriaId": "ECDB150A-DC10-4C05-A75A-5EA94E3AE84D", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:gateway:12.1-62.25:*:*:*:*:*:*:*", "matchCriteriaId": "20180A94-DDD7-4EC0-9636-158B935B0938", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:gateway:13.0-82.42:*:*:*:*:*:*:*", "matchCriteriaId": "3FF01A30-0E92-43CD-B1BE-B2051EF7B0A6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en Citrix ADC (antes conocido como NetScaler ADC) y Citrix Gateway (antes conocido como NetScaler Gateway), y en los modelos 4000-WO, 4100-WO, 5000-WO y 5100-WO de Citrix SD-WAN WANOP Edition. Estas vulnerabilidades, si son explotadas, podr\u00edan conllevar a un ataque de phishing mediante un secuestro de autenticaci\u00f3n SAML para robar una sesi\u00f3n de usuario v\u00e1lida"}], "id": "CVE-2021-22920", "lastModified": "2021-08-13T14:26:49.893", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-05T21:15:11.083", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX319135"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "support@hackerone.com", "type": "Secondary"}]}