CVE-2017-14602
First published: Tue Sep 26 2017(Updated: )
A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix Netscaler Application Delivery Controller Firmware | =10.1 | |
| Citrix Netscaler Application Delivery Controller Firmware | =10.5 | |
| Citrix Netscaler Application Delivery Controller Firmware | =10.5e | |
| Citrix Netscaler Application Delivery Controller Firmware | =11.0 | |
| Citrix Netscaler Application Delivery Controller Firmware | =11.1 | |
| Citrix Netscaler Application Delivery Controller Firmware | =12.0 | |
| Citrix Netscaler Gateway Firmware | =10.1 | |
| Citrix Netscaler Gateway Firmware | =10.5 | |
| Citrix Netscaler Gateway Firmware | =10.5e | |
| Citrix Netscaler Gateway Firmware | =11.0 | |
| Citrix Netscaler Gateway Firmware | =11.1 | |
| Citrix Netscaler Gateway Firmware | =12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-14602?
CVE-2017-14602 has a severity rating of Medium, indicating it can lead to unauthorized access to the management interface.
How do I fix CVE-2017-14602?
To fix CVE-2017-14602, update your Citrix NetScaler Application Delivery Controller or NetScaler Gateway to the latest version or apply patches provided by Citrix.
Which versions are affected by CVE-2017-14602?
CVE-2017-14602 affects Citrix NetScaler ADC versions 10.1, 10.5, 10.5e, 11.0, 11.1, and 12.0 prior to their respective fixed builds.
What type of vulnerability is CVE-2017-14602?
CVE-2017-14602 is an access control vulnerability that can allow attackers to potentially gain unauthorized access.
Is there a workaround for CVE-2017-14602?
While patching is the most effective solution for CVE-2017-14602, administrators should consider restricting access to the management interface as an interim measure.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/citrix
- canonical/citrix netscaler application delivery controller firmware
- version/citrix netscaler application delivery controller firmware/10.1
- version/citrix netscaler application delivery controller firmware/10.5
- version/citrix netscaler application delivery controller firmware/10.5e
- version/citrix netscaler application delivery controller firmware/11.0
- version/citrix netscaler application delivery controller firmware/11.1
- version/citrix netscaler application delivery controller firmware/12.0
- canonical/citrix netscaler gateway firmware
- version/citrix netscaler gateway firmware/10.1
- version/citrix netscaler gateway firmware/10.5
- version/citrix netscaler gateway firmware/10.5e
- version/citrix netscaler gateway firmware/11.0
- version/citrix netscaler gateway firmware/11.1
- version/citrix netscaler gateway firmware/12.0