Citrix Access Gateway Vulnerability Fix Released

Citrix has released a fix for a command injection vulnerability in their Citrix Access Gateway product.

UPDATE 04 March 2011 – Exploit code is now available (Metasploit).

These versions are vulnerable:
Access Gateway 4.5 Advanced Edition
Access Gateway 4.5 Standard Edition
Access Gateway 4.6 Advanced Edition
Access Gateway 4.6 Standard Edition
Access Gateway 8.0 Enterprise Edition
Access Gateway 8.1 Enterprise Edition
Access Gateway 9.0 Enterprise Edition
Access Gateway 9.1 Enterprise Edition
Access Gateway 9.2 Enterprise Edition
Access Gateway VPX 4.6

References:
http://support.citrix.com/article/CTX127613

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement

Share

Leave a Reply