Privilege escalation in Citrix NetScaler Application Delivery Controller and NetScaler Gateway
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-7218 |
| CWE-ID | CWE-284 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Citrix Netscaler ADC Client/Desktop applications / Software for system administration Citrix NetScaler Gateway Server applications / Application servers |
| Vendor | Citrix |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Privilege escalation
EUVDB-ID: #VU12796
Risk: Medium
CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-7218
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to gain elevated privileges.
The weakness exists in the AppFirewall feature due to improper access control. An adjacent attacker can gain elevated privileges and execute arbitrary code and compromise the host system.
Update to versions 10.5 Build 68.7, 11.0 Build 71.24, 11.1 Build 58.13 or 12.0 Build 57.24.
Vulnerable software versionsCitrix Netscaler ADC: 10.5 Build 67.10/67.13 - 12.0 56.20
Citrix NetScaler Gateway: 10.5.67.10 - 12.0.56.20
External linkshttp://support.citrix.com/article/CTX234869
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
