CVE-2006-4846 - Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 200

CVE-2006-4846

Summary

Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors. Successful exploitation requires that the Advanced Access Control option is set to use LDAP authentication. This vulnerability is addressed by hotfix AAC420W004.

References

Vulnerable Configurations

cpe:2.3:a:citrix:access_gateway:4.2:*:*:*:*:*:*:*
cpe:2.3:a:citrix:access_gateway:4.2:*:*:*:*:*:*:*

CVSS

Base:	5.1 (as of 20-07-2017 - 01:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:P

refmap via4

bid	20066
cert-vn	VU#658620
confirm	http://support.citrix.com/article/CTX110439 http://support.citrix.com/article/CTX110950
osvdb	28938
sectrack	1016874
secunia	21941
vupen	ADV-2006-3643
xf	citrix-acc-ldap-auth-bypass(28990)

Last major update

20-07-2017 - 01:33

Published

19-09-2006 - 01:07

Last modified

20-07-2017 - 01:33