#VU12796 Privilege escalation in Citrix NetScaler ADC and Citrix NetScaler Gateway - CVE-2018-7218
Published: May 17, 2018 / Updated: May 17, 2018
Vulnerability identifier: #VU12796
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-7218
CWE-ID: CWE-284
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vulnerable software:
Citrix NetScaler ADC
Citrix NetScaler Gateway
Software vendor:
Citrix
Description
The vulnerability allows an adjacent attacker to gain elevated privileges.
The weakness exists in the AppFirewall feature due to improper access control. An adjacent attacker can gain elevated privileges, execute arbitrary code, and compromise the host system.
Remediation
Update to versions 10.5 Build 68.7, 11.0 Build 71.24, 11.1 Build 58.13 or 12.0 Build 57.24.