Published: 01/03/2018 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote malicious users to execute a system command or read arbitrary files via an SSH login prompt.

Vulnerable Product	Search on Vulmon	Subscribe to Product
citrix netscaler gateway 11.0
citrix netscaler gateway 12.0
citrix netscaler application delivery controller 11.0
citrix netscaler application delivery controller 11.1
citrix netscaler application delivery controller 12.0
citrix netscaler sd-wan 9.3.0
citrix netscaler gateway 11.1

Description of Problem A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway that, if exploited, could allow an unauthenticated attacker with access to the NetScaler management interface to bypass authentication controls and execute arbitrary, read only comman ...

CWE-287 https://support.citrix.com/article/CTX232199 http://www.securitytracker.com/id/1040439 http://www.securityfocus.com/bid/103186 https://nvd.nist.gov https://support.citrix.com/article/CTX232199

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-5314

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect