CVE-2015-5080 — Command Injection in Citrix Netscaler Application Delivery Controller Firmware

CWE-77 — Command Injection4 documents3 sources

Severity

9.0CRITICALNVD

EPSS

1.0%

top 22.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Netscaler Application Delivery Controller Firmware Citrix Netscaler Gateway Firmware Citrix ADM +7 more

Timeline

PublishedJul 16

Latest updateMay 17

Description

The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages10 packages

▶NVDcitrix/netscaler_application_delivery_controller_firmware13 versions+12

▶citrixcitrix/netscaler_gateway

▶citrixcitrix/netscaler_adc_gateway

▶NVDcitrix/netscaler_gateway_firmware14 versions+13

▶citrixcitrix/netscaler_adc

🔴Vulnerability Details

GHSA

GHSA-p2wp-rr75-f23g: The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10↗2022-05-17

▶

📋Vendor Advisories

Citrix

CVE-2015-5080: The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.↗2015-07-16

▶

Citrix

Citrix Security Bulletin CTX201149↗

▶