Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and NetScaler Gateway



Published: 2018-03-02
Risk Low
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2018-6810
CVE-2018-6811
CVE-2018-6809
CVE-2018-6808
CVE-2018-6186
CWE-ID CWE-22
CWE-79
CWE-264
CWE-200
CWE-918
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Citrix NetScaler Application Delivery Controller
Server applications / Application servers

Citrix NetScaler Gateway
Server applications / Application servers

Citrix NetScaler
Server applications / Remote management servers, RDP, SSH

Vendor Citrix

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Path traversal

EUVDB-ID: #VU10825

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6810

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to path traversal. A remote attacker can send a specially-crafted URL request containing directory traversal sequences and view arbitrary files.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Citrix NetScaler Application Delivery Controller: 10.5 - 12.0

Citrix NetScaler Gateway: 10.5 - 12.0

External links

http://support.citrix.com/article/CTX232161


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cross-site scripting

EUVDB-ID: #VU10826

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6811

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Citrix NetScaler Gateway: 10.5 - 12.0

Citrix NetScaler Application Delivery Controller: 10.5 - 12.0

External links

http://support.citrix.com/article/CTX232161


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Privilege escalation

EUVDB-ID: #VU10827

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6809

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists due to unknown reasons. A remote attacker can gain root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Citrix NetScaler Application Delivery Controller: 10.5 - 12.0

Citrix NetScaler Gateway: 10.5 - 12.0

External links

http://support.citrix.com/article/CTX232161


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU10828

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6808

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to unknown reasons. A remote attacker can download arbitrary files and gain access to potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Citrix NetScaler Application Delivery Controller: 10.5 - 12.0

Citrix NetScaler Gateway: 10.5 - 12.0

External links

http://support.citrix.com/article/CTX232161


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Server-side request forgery

EUVDB-ID: #VU10829

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6186

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to perform SSRF-attack on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can gain access to the nsroot account, execute commands with root privileges on the target system and perform server-side request forgery attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Citrix NetScaler: 12.0 Build 53.13

External links

http://support.citrix.com/article/CTX232161


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###