What is CVE-2017-14602?

CVE-2017-14602 is a high-severity vulnerability in Citrix Application_delivery_controller_firmware, classified under Improper Authentication. CVSS score: 7.2/10. Published 2017-09-26.

How severe is CVE-2017-14602?

High severity. CVSS v3 base score is 7.2 out of 10.

Auth bypass in Citrix Application_delivery_controller_firmware

CVE-2017-14602

A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before bui…

Vulnerability class: Broken Authentication

EPSS: 0.004 (60.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Citrix Application_delivery_controller_firmware — versions 10.1, 10.5, 10.5e
Citrix Netscaler_gateway_firmware — versions 10.1, 10.5, 10.5e
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM, Patch, Mitigation, Vendor Advisory)
cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2017-14602?: CVE-2017-14602 is a high-severity vulnerability in Citrix Application_delivery_controller_firmware, classified under Improper Authentication. CVSS score: 7.2/10. Published 2017-09-26.
How severe is CVE-2017-14602?: High severity. CVSS v3 base score is 7.2 out of 10.