Signature Detail
Short Name |
APP:CITRIX:AG-CMD-INJ |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Citrix Access Gateway Command Injection |
Release Date |
2011/05/04 |
Update Number |
1914 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: Citrix Access Gateway Command Injection
This signature detects attempts to exploit a known command injection vulnerability in Citrix Access Gateway. In a successful code injection attack, the behavior of the target host is entirely dependent on the intended function of the injected code and executes within the security context of the server.
Extended Description
Citrix Access Gateway is prone to a command-injection vulnerability. An attacker can exploit this vulnerability to inject and execute arbitrary commands with superuser privileges. The following products are vulnerable: Access Gateway 4.5 Advanced Edition Access Gateway 4.5 Standard Edition Access Gateway 4.6 Advanced Edition Access Gateway 4.6 Standard Edition Access Gateway 8.0 Enterprise Edition Access Gateway 8.1 Enterprise Edition Access Gateway 9.0 Enterprise Edition Access Gateway 9.1 Enterprise Edition Access Gateway 9.2 Enterprise Edition Access Gateway VPX 4.6
Affected Products
- Citrix Access Gateway Advanced Edition 4.5
- Citrix Access Gateway Advanced Edition 4.6
- Citrix Access Gateway Enterprise Edition 8.0
- Citrix Access Gateway Enterprise Edition 8.1
- Citrix Access Gateway Enterprise Edition 9.0
- Citrix Access Gateway Enterprise Edition 9.1
- Citrix Access Gateway Enterprise Edition 9.2
- Citrix Access Gateway Standard Edition 4.5
- Citrix Access Gateway Standard Edition 4.6
- Citrix Access Gateway VPX 4.6
References