CVE-2009-2213
CVSS 6.5 · MEDIUM
Summary
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
CVSS 3.1 breakdown
| Metric | Value |
| --- | --- |
| Base score | 6.5 (MEDIUM) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | NONE |
| Availability | NONE |
Weakness type (CWE)
Affected products
- Citrix NetScaler Access Gateway firmware
- Citrix NetScaler Access Gateway
References
- http://support.citrix.com/article/CTX118770
- http://www.securityfocus.com/bid/35422
- http://www.vupen.com/english/advisories/2009/1641
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51274
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.