Vulnerability identifier: #VU12796

Vulnerability risk: Medium

CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7218

CWE-ID: CWE-284

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Citrix Netscaler ADC
Client/Desktop applications / Software for system administration
Citrix NetScaler Gateway
Server applications / Application servers

Vendor: Citrix

Description
The vulnerability allows an adjacent attacker to gain elevated privileges.

The weakness exists in the AppFirewall feature due to improper access control. An adjacent attacker can gain elevated privileges and execute arbitrary code and compromise the host system.

Mitigation
Update to versions 10.5 Build 68.7, 11.0 Build 71.24, 11.1 Build 58.13 or 12.0 Build 57.24.

Vulnerable software versions

Citrix Netscaler ADC: 10.5 Build 67.10/67.13 - 12.0 56.20

Citrix NetScaler Gateway: 10.5.67.10 - 12.0.56.20

---

External links
http://support.citrix.com/article/CTX234869

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.