CVE-2018-6186

Published: Feb 1, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.

Affected (1)

Products: Citrix: Netscaler

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Citrix Netscaler	Version 12.0

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (8)

http://www.securityfocus.com/bid/102915

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040440

Source: cve@mitre.org

https://gist.github.com/buxu/04ce809eb8b32ef57e232eab5e61f023

Source: cve@mitre.org

Third Party Advisory

https://support.citrix.com/article/CTX232161

Source: cve@mitre.org

http://www.securityfocus.com/bid/102915

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040440

Source: af854a3a-2127-422b-91ae-364da2661108

https://gist.github.com/buxu/04ce809eb8b32ef57e232eab5e61f023

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.citrix.com/article/CTX232161

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.