CVE-2018-6810 — Path Traversal in Citrix Netscaler Application Delivery Controller Firmware

CWE-22 — Path Traversal3 documents3 sources

Severity

7.5HIGHNVD

EPSS

4.8%

top 10.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Netscaler Application Delivery Controller Firmware Citrix Netscaler Gateway Firmware Citrix ADM +6 more

Timeline

PublishedMar 6

Latest updateMay 14

Description

Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

▶citrixcitrix/netscaler_gateway

▶NVDcitrix/netscaler_gateway_firmware4 versions+3

▶citrixcitrix/netscaler_adc

▶NVDcitrix/netscaler_application_delivery_controller_firmware4 versions+3

▶citrixcitrix/xenserver

🔴Vulnerability Details

GHSA

GHSA-5jrp-g377-9qh6: Directory traversal vulnerability in NetScaler ADC 10↗2022-05-14

▶

📋Vendor Advisories

Citrix

Citrix Security Bulletin CTX232161↗

▶