CVE-2018-5314Improper Authentication in Citrix Netscaler Application Delivery Controller

CWE-287Improper Authentication4 documents3 sources
Severity
7.5HIGHNVD
EPSS
3.3%
top 12.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Citrix Netscaler Application Delivery ControllerCitrix Netscaler GatewayCitrix Netscaler Sd-wan+8 more
Timeline
PublishedMar 1
Latest updateMay 13

Description

Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages12 packages

NVDcitrix/netscaler_gateway11.0, 11.1, 12.0+2

🔴Vulnerability Details

1
GHSA
GHSA-q654-j343-6r89: Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 112022-05-13

📋Vendor Advisories

2
Citrix
CVE-2018-5314: Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build2018-03-01
Citrix
Citrix Security Bulletin CTX232199