CVE-2014-8580 : Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.1

Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources" of other users via unknown vectors.

Published 2014-11-07 19:55:05

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2014-8580

Citrix » Netscaler Application Delivery Controller Firmware » Version: 10.1.120.1316.e
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.120.1316.e:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Application Delivery Controller Firmware » Version: 10.1.121
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.121:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Application Delivery Controller Firmware » Version: 10.1.128
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.128:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Application Delivery Controller Firmware » Version: 10.1.129
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.129:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Application Delivery Controller Firmware » Version: 10.1.126
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.126:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Application Delivery Controller Firmware » Version: 10.1.127
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.127:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Application Delivery Controller Firmware » Version: 10.1.124
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.124:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Application Delivery Controller Firmware » Version: 10.1.125
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.125:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Application Delivery Controller Firmware » Version: 10.5.51.10
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5.51.10:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Application Delivery Controller Firmware » Version: 10.1.122
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.122:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Application Delivery Controller Firmware » Version: 10.1.123
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.123:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Application Delivery Controller Firmware » Version: 10.5.50.10
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5.50.10:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Gateway Firmware » Version: 10.1.122
cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.122:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Gateway Firmware » Version: 10.1.123
cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.123:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Gateway Firmware » Version: 10.1.120.1316.e
cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.120.1316.e:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Gateway Firmware » Version: 10.1.121
cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.121:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Gateway Firmware » Version: 10.1.128
cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.128:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Gateway Firmware » Version: 10.1.129
cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.129:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Gateway Firmware » Version: 10.1.126
cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.126:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Gateway Firmware » Version: 10.1.127
cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.127:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Gateway Firmware » Version: 10.1.124
cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.124:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Gateway Firmware » Version: 10.1.125
cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.125:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Gateway Firmware » Version: 10.5.50.10
cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5.50.10:*:*:*:*:*:*:*
Matching versions
Citrix » Netscaler Gateway Firmware » Version: 10.5.51.10
cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5.51.10:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-8580

EPSS FAQ

0.25%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 46 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-8580

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.9	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:N	6.8	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2014-8580

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-8580

http://support.citrix.com/article/CTX200254

CVE-2014-8580 - Authentication Flaw in Citrix NetScaler Application Delivery Controller and NetScaler Gateway Could Result in Unauthorised Access to Network Resources
Patch;Vendor Advisory
http://www.securitytracker.com/id/1031212

Citrix NetScaler Application Delivery Controller and NetScaler Gateway Authentication Flaw Lets Remote Users Access Network Resources - SecurityTracker
http://secunia.com/advisories/62114

Sign in
https://exchange.xforce.ibmcloud.com/vulnerabilities/98661

Citrix NetScaler Application Delivery Controller unauthorized access CVE-2014-8580 Vulnerability Report

Jump to

Vulnerability Details : CVE-2014-8580

Products affected by CVE-2014-8580

Exploit prediction scoring system (EPSS) score for CVE-2014-8580

CVSS scores for CVE-2014-8580

CWE ids for CVE-2014-8580

References for CVE-2014-8580