Privilege escalation in Citrix NetScaler ADC and Citrix NetScaler Gateway - CVE-2018-7218
Published: May 17, 2018 / Updated: May 17, 2018
Vulnerability identifier: #VU12796
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-7218
CWE-ID: CWE-284
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vendor: Citrix
Affected software:
Citrix NetScaler ADC
Citrix NetScaler Gateway
Detailed vulnerability description
The vulnerability allows an adjacent attacker to gain elevated privileges.
The weakness exists in the AppFirewall feature due to improper access control. An adjacent attacker can gain elevated privileges, execute arbitrary code, and compromise the host system.
How to mitigate CVE-2018-7218
Update to versions 10.5 Build 68.7, 11.0 Build 71.24, 11.1 Build 58.13 or 12.0 Build 57.24.