Medium severity6.5NVD Advisory· Published Jun 25, 2009· Updated Jun 16, 2026
CVE-2009-2213
CVE-2009-2213
Description
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
Affected products
6- cpe:2.3:h:citrix:netscaler_access_gateway:-:-:enterprise:*:*:*:*:*
cpe:2.3:o:citrix:netscaler_access_gateway_firmware:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:citrix:netscaler_access_gateway_firmware:*:*:*:*:*:*:*:*range: <=8.1
- cpe:2.3:o:citrix:netscaler_access_gateway_firmware:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:citrix:netscaler_access_gateway_firmware:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:citrix:netscaler_access_gateway_firmware:9.0:*:*:*:*:*:*:*
- (no CPE)range: <=9.0
Patches
Vulnerability mechanics
References
4- support.citrix.com/article/CTX118770nvdBroken LinkVendor Advisory
- www.securityfocus.com/bid/35422nvdBroken LinkThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/51274nvdThird Party AdvisoryVDB Entry
- www.vupen.com/english/advisories/2009/1641nvdPermissions Required
News mentions
0No linked articles in our index yet.