CVE-2021-22920 - OpenCVE

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Citrix	Application Delivery Management Gateway

Configuration 1 [-]

OR	cpe:2.3:a:citrix:application_delivery_management:12.1-62.25:::::::*
	cpe:2.3:a:citrix:application_delivery_management:13.0-82.42:::::::*
	cpe:2.3:a:citrix:gateway:12.1-62.25:::::::*
	cpe:2.3:a:citrix:gateway:13.0-82.42:::::::*

References

Link	Resource
https://support.citrix.com/article/CTX319135	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2021-08-05T20:16:49

Updated: 2021-08-05T20:16:49

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-22920

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-08-05T21:15:11.083

Modified: 2021-08-13T14:26:49.893

Link: CVE-2021-22920

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Citrix ADC, Citrix Gateway", "vendor": "n/a", "versions": [{"status": "affected", "version": "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0"}, {"status": "affected", "version": "Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "Improper Access Control - Generic (CWE-284)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-05T20:16:49", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.citrix.com/article/CTX319135"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2021-22920", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Citrix ADC, Citrix Gateway", "version": {"version_data": [{"version_value": "Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0"}, {"version_value": "Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Access Control - Generic (CWE-284)"}]}]}, "references": {"reference_data": [{"name": "https://support.citrix.com/article/CTX319135", "refsource": "MISC", "url": "https://support.citrix.com/article/CTX319135"}]}}}}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2021-22920", "datePublished": "2021-08-05T20:16:49", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2021-08-05T20:16:49", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:application_delivery_management:12.1-62.25:*:*:*:*:*:*:*", "matchCriteriaId": "DE311F5F-CD6A-4539-9941-B7F301BD29C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:application_delivery_management:13.0-82.42:*:*:*:*:*:*:*", "matchCriteriaId": "ECDB150A-DC10-4C05-A75A-5EA94E3AE84D", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:gateway:12.1-62.25:*:*:*:*:*:*:*", "matchCriteriaId": "20180A94-DDD7-4EC0-9636-158B935B0938", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:gateway:13.0-82.42:*:*:*:*:*:*:*", "matchCriteriaId": "3FF01A30-0E92-43CD-B1BE-B2051EF7B0A6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en Citrix ADC (antes conocido como NetScaler ADC) y Citrix Gateway (antes conocido como NetScaler Gateway), y en los modelos 4000-WO, 4100-WO, 5000-WO y 5100-WO de Citrix SD-WAN WANOP Edition. Estas vulnerabilidades, si son explotadas, podr\u00edan conllevar a un ataque de phishing mediante un secuestro de autenticaci\u00f3n SAML para robar una sesi\u00f3n de usuario v\u00e1lida"}], "id": "CVE-2021-22920", "lastModified": "2021-08-13T14:26:49.893", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-05T21:15:11.083", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX319135"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "support@hackerone.com", "type": "Secondary"}]}