Citrix Netscaler Gateway Firmware vulnerabilities
31 known vulnerabilities affecting citrix/netscaler_gateway_firmware.
Total CVEs
31
CISA KEV
4
actively exploited
Public exploits
6
Exploited in wild
5
Severity breakdown
CRITICAL6HIGH9MEDIUM16
Vulnerabilities
Page 2 of 2
CVE-2017-17382MEDIUMCVSS 5.9v10.5v11.0+2 more2017-12-13
CVE-2017-17382 [MEDIUM] CWE-327 CVE-2017-17382: Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
nvd
CVE-2017-14602HIGHCVSS 7.2v10.1v10.5+4 more2017-09-26
CVE-2017-14602 [HIGH] CWE-287 CVE-2017-14602: A vulnerability has been identified in the management interface of Citrix NetScaler Application Deli
A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could
nvd
CVE-2017-7219HIGHCVSS 8.8v10.1v10.5+2 more2017-04-13
CVE-2017-7219 [HIGH] CWE-119 CVE-2017-7219: A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 be
A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.
nvd
CVE-2015-7996MEDIUMCVSS 5.0v10.1v10.52015-11-17
CVE-2015-7996 [MEDIUM] CWE-200 CVE-2015-7996: The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before
The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache.
nvd
CVE-2015-7998MEDIUMCVSS 5.0v10.1v10.52015-11-17
CVE-2015-7998 [MEDIUM] CWE-200 CVE-2015-7998: The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gatewa
The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors.
nvd
CVE-2015-7997MEDIUMCVSS 4.3v10.1v10.52015-11-17
CVE-2015-7997 [MEDIUM] CWE-79 CVE-2015-7997: Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application
Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or
nvd
CVE-2015-5538CRITICALCVSS 10.0v10.1v10.5+1 more2015-09-17
CVE-2015-5538 [CRITICAL] CVE-2015-5538: Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and N
Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the (1) Command Line Interface (CLI) and the (2) Web User Interface (UI).
nvd
CVE-2015-6672MEDIUMCVSS 4.3v10.1v10.5+1 more2015-09-17
CVE-2015-6672 [MEDIUM] CWE-79 CVE-2015-6672: Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler App
Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2015-5080CRITICALCVSS 9.0v10.1.120.1316.ev10.1.121+12 more2015-07-16
CVE-2015-5080 [CRITICAL] CWE-77 CVE-2015-5080: The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gat
The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs.
nvd
CVE-2015-2829HIGHCVSS 7.8v10.5v10.5e2015-05-12
CVE-2015-2829 [HIGH] CVE-2015-2829: Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service (reboot) via unspecified vectors.
nvd
CVE-2014-8580MEDIUMCVSS 4.9v10.1.120.1316.ev10.1.121+10 more2014-11-07
CVE-2014-8580 [MEDIUM] CWE-264 CVE-2014-8580: Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11,
Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources" of other users via unknown vectors.
nvd
← Previous2 / 2