cbcvebase.

Citrix Netscaler Application Delivery Controller Firmware vulnerabilities

29 known vulnerabilities affecting citrix/netscaler_application_delivery_controller_firmware.

Total CVEs
29
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH7MEDIUM16

Vulnerabilities

Page 1 of 2
CVE-2014-7140P2HIGHCVSS 7.5PoCv10.0v10.1+1 more2014-10-21
CVE-2014-7140 [HIGH] CVE-2014-7140: Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Contr Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors.
nvd
CVE-2018-6809P3CRITICALCVSS 9.8v10.5v11.0+2 more2018-03-06
CVE-2018-6809 [CRITICAL] CVE-2018-6809: NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow rem NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.
nvd
CVE-2015-5080P3CRITICALCVSS 9.0v10.1v10.1.120.1316.e+11 more2015-07-16
CVE-2015-5080 [CRITICAL] CWE-77 CVE-2015-5080: The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gat The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs.
nvd
CVE-2015-5538P3CRITICALCVSS 10.0v10.1v10.5+1 more2015-09-17
CVE-2015-5538 [CRITICAL] CVE-2015-5538: Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and N Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the (1) Command Line Interface (CLI) and the (2) Web User Interface (UI).
nvd
CVE-2018-6810P3HIGHCVSS 7.5v10.5v11.0+2 more2018-03-06
CVE-2018-6810 [HIGH] CWE-22 CVE-2018-6810: Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.
nvd
CVE-2018-6808P3HIGHCVSS 7.5v10.5v11.0+2 more2018-03-06
CVE-2018-6808 [HIGH] CWE-200 CVE-2018-6808: NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow rem NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.
nvd
CVE-2016-9028P3HIGHCVSS 8.8≤ 10.1v10.5+2 more2016-10-28
CVE-2016-9028 [HIGH] CWE-254 CVE-2016-9028: Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.3 Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header.
nvd
CVE-2014-2881P3CRITICALCVSS 10.0v10.1≤ 9.3.e2014-05-01
CVE-2014-2881 [CRITICAL] CVE-2014-2881: Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI J Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors.
nvd
CVE-2019-12044P3HIGHCVSS 7.5≥ 10.5.0, < 10.5.70≥ 11.1.0, < 11.1.59.10+2 more2019-05-22
CVE-2019-12044 [HIGH] CWE-119 CVE-2019-12044: A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59. A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.
nvd
CVE-2013-6941P3CRITICALCVSS 10.0v9.3\(1\)v9.3.e+2 more2014-03-11
CVE-2013-6941 [CRITICAL] CVE-2013-6941: Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3 Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows users to "breakout" of the shell via unknown vectors.
nvd
CVE-2014-2882P3CRITICALCVSS 10.0≤ 9.3.ev10.12014-05-01
CVE-2014-2882 [CRITICAL] CVE-2014-2882: Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation.
nvd
CVE-2017-5933P3MEDIUMCVSS 5.9≤ 10.5.65.11≤ 11.0.69.12+1 more2017-02-08
CVE-2017-5933 [MEDIUM] CVE-2017-5933: Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0
nvd
CVE-2019-6485P4MEDIUMCVSS 5.9v10.5v11.0+3 more2019-02-22
CVE-2019-6485 [MEDIUM] CWE-327 CVE-2019-6485: Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 1 Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain s
nvd
CVE-2015-2829P4HIGHCVSS 7.8v10.52015-05-12
CVE-2015-2829 [HIGH] CVE-2015-2829: Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service (reboot) via unspecified vectors.
nvd
CVE-2013-6011P4HIGHCVSS 7.8v10.0v10.0.e2013-10-04
CVE-2013-6011 [HIGH] CWE-20 CVE-2013-6011: Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request.
nvd
CVE-2013-6942P4MEDIUMCVSS 6.8v9.3\(1\)v9.3.e+2 more2014-03-11
CVE-2013-6942 [MEDIUM] CWE-352 CVE-2013-6942: Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
nvd
CVE-2018-6811P4MEDIUMCVSS 6.1v10.5v11.0+2 more2018-03-06
CVE-2018-6811 [MEDIUM] CWE-79 CVE-2018-6811: Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12 Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface.
nvd
CVE-2013-6943P4MEDIUMCVSS 5.0v9.3\(1\)v9.3.e+2 more2014-03-11
CVE-2013-6943 [MEDIUM] CWE-94 CVE-2013-6943: Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors related to SSH and Web management usernames.
nvd
CVE-2014-8580P4MEDIUMCVSS 4.9v10.1.120.1316.ev10.1.121+10 more2014-11-07
CVE-2014-8580 [MEDIUM] CWE-264 CVE-2014-8580: Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources" of other users via unknown vectors.
nvd
CVE-2014-4347P4MEDIUMCVSS 5.0v9.3v10.12014-07-16
CVE-2014-4347 [MEDIUM] CWE-200 CVE-2014-4347: Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gatewa Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie.
nvd
Citrix Netscaler Application Delivery Controller Firmware vulnerabilities | cvebase