← Back

CVE-2018-5314

nvd nist
Published: Mar 1, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.

Affected (7)

Citrix
3 products
Netscaler Application Delivery Controller
Netscaler Gateway
Netscaler Sd Wan
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Citrix
Netscaler Application Delivery Controller
Version 11.0
Netscaler Application Delivery Controller
Version 11.1
Netscaler Application Delivery Controller
Version 12.0
Citrix
Netscaler Gateway
Version 11.0
Netscaler Gateway
Version 11.1
Netscaler Gateway
Version 12.0
Netscaler Sd Wan
Version 9.3.0

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.