Security restrictions bypass in Citrix NetScaler Gateway and Citrix Netscaler ADC - CVE-2018-5314
Published: March 5, 2018 / Updated: March 6, 2018
Vulnerability identifier: #VU10831
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5314
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Citrix
Affected software:
Citrix NetScaler Gateway
Citrix Netscaler ADC
Citrix NetScaler Gateway
Citrix Netscaler ADC
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to command injection. A remote attacker can bypass authentication on the management interface and execute arbitrary read-only commands.
The weakness exists due to command injection. A remote attacker can bypass authentication on the management interface and execute arbitrary read-only commands.
How to mitigate CVE-2018-5314
Update to Citrix NetScaler Gateway 12.0 Build 53.13, 11.1 Build 55.13, 11.0 Build 70.16, Citrix NetScaler ADC 12.0 Build 53.13, 11.1 Build 55.13, 11.0 Build 70.16 or Citrix NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.1 or later.