Vulnerability identifier: #VU12796
Vulnerability risk: Medium
CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-284
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Citrix Netscaler ADC
Client/Desktop applications /
Software for system administration
Citrix NetScaler Gateway
Server applications /
Application servers
Vendor: Citrix
Description
The vulnerability allows an adjacent attacker to gain elevated privileges.
The weakness exists in the AppFirewall feature due to improper access control. An adjacent attacker can gain elevated privileges and execute arbitrary code and compromise the host system.
Mitigation
Update to versions 10.5 Build 68.7, 11.0 Build 71.24, 11.1 Build 58.13 or 12.0 Build 57.24.
Vulnerable software versions
Citrix Netscaler ADC: 10.5 Build 67.10/67.13 - 12.0 56.20
Citrix NetScaler Gateway: 10.5.67.10 - 12.0.56.20
External links
http://support.citrix.com/article/CTX234869
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.