CVE-2018-5314
published 2018-03-01CVE-2018-5314: Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13…
PriorityP350high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EPSS
2.91%
85.2th percentile
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_adc_gateway | — | — |
| citrix | netscaler_application_delivery_controller | — | — |
| citrix | netscaler_application_delivery_controller | — | — |
| citrix | netscaler_application_delivery_controller | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_sd-wan | — | — |
| citrix | sd-wan | — | — |
| citrix | xenserver | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Citrix
CVE-2018-5314: Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build
vendor_citrix·2018-03-01·CVSS 7.5
CVE-2018-5314 [HIGH] CWE-287 CVE-2018-5314: Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build
CVE-2018-5314: Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.
Citrix
Citrix Security Bulletin CTX232199
vendor_citrix·CVSS 7.5
CVE-2018-5314 [HIGH] Citrix Security Bulletin CTX232199
Citrix Security Bulletin CTX232199
CVE References: CVE-2018-5314, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
GHSA
GHSA-q654-j343-6r89: Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11
ghsa_unreviewed·2022-05-13
CVE-2018-5314 [HIGH] CWE-287 GHSA-q654-j343-6r89: Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-03-01
Published