Short Name |
APP:CITRIX:AG-CMD-INJ |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Citrix Access Gateway Command Injection |
Release Date |
2011/05/04 |
Update Number |
1914 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known command injection vulnerability in Citrix Access Gateway. In a successful code injection attack, the behavior of the target host is entirely dependent on the intended function of the injected code and executes within the security context of the server.
Citrix Access Gateway is prone to a command-injection vulnerability. An attacker can exploit this vulnerability to inject and execute arbitrary commands with superuser privileges. The following products are vulnerable: Access Gateway 4.5 Advanced Edition Access Gateway 4.5 Standard Edition Access Gateway 4.6 Advanced Edition Access Gateway 4.6 Standard Edition Access Gateway 8.0 Enterprise Edition Access Gateway 8.1 Enterprise Edition Access Gateway 9.0 Enterprise Edition Access Gateway 9.1 Enterprise Edition Access Gateway 9.2 Enterprise Edition Access Gateway VPX 4.6