CVE-2018-5314 - OpenCVE

Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Citrix	Netscaler Application Delivery Controller Netscaler Gateway Netscaler Sd-wan

Configuration 1 [-]

OR	cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.0:::::::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1:::::::*
	cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.0:::::::*
	cpe:2.3:a:citrix:netscaler_gateway:11.0:::::::*
	cpe:2.3:a:citrix:netscaler_gateway:11.1:::::::*
	cpe:2.3:a:citrix:netscaler_gateway:12.0:::::::*
	cpe:2.3:a:citrix:netscaler_sd-wan:9.3.0::::wan_optimization:::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/103186
http://www.securitytracker.com/id/1040439
https://support.citrix.com/article/CTX232199

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-01T17:00:00

Updated: 2024-08-05T05:33:44.080Z

Reserved: 2018-01-09T00:00:00

Link: CVE-2018-5314

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-03-01T17:29:00.477

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-5314

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-02-28T00:00:00", "descriptions": [{"lang": "en", "value": "Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-02T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1040439", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040439"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.citrix.com/article/CTX232199"}, {"name": "103186", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103186"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5314", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1040439", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040439"}, {"name": "https://support.citrix.com/article/CTX232199", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX232199"}, {"name": "103186", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103186"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:33:44.080Z"}, "title": "CVE Program Container", "references": [{"name": "1040439", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040439"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.citrix.com/article/CTX232199"}, {"name": "103186", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103186"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-5314", "datePublished": "2018-03-01T17:00:00", "dateReserved": "2018-01-09T00:00:00", "dateUpdated": "2024-08-05T05:33:44.080Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F5E9373-2929-445C-9111-763997337B8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "B4BF6327-71CB-4536-9C75-0A4FBDA0CE6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F80C2375-6C9C-4EAE-BA20-A09D9DC85CFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD9ED928-BD5A-466D-A7F0-531E2DC1ED11", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C28575C-9D3E-4818-9CE8-97EBC993E4E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_gateway:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C4E17DA-D4EA-49A9-9AB1-FDCA5A830B59", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:netscaler_sd-wan:9.3.0:*:*:*:wan_optimization:*:*:*", "matchCriteriaId": "2C3A8744-6053-4678-B132-2BD6B0178C7F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de comandos en Citrix NetScaler ADC y NetScaler Gateway en versiones 11.0 anteriores a la build 70.16, versiones 11.1 anteriores a la build 55.13 y las versiones 12.0 anteriores a la build 53.13; y la instancia NetScaler Load Balancing distribuida en NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 y 5100 WAN Optimization Edition 9.3.0 permite que atacantes remotos ejecuten un comando del sistema o lean archivos arbitrarios mediante un mensaje de inicio de sesi\u00f3n SSH."}], "id": "CVE-2018-5314", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-01T17:29:00.477", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103186"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040439"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX232199"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}