CVE-2018-6808 - OpenCVE

NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Citrix	Netscaler Application Delivery Controller Netscaler Application Delivery Controller Firmware Netscaler Gateway Netscaler Gateway Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.0:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.1:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:12.0:::::::*

cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:::::::*

cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securitytracker.com/id/1040440
https://support.citrix.com/article/CTX232161

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-06T20:00:00

Updated: 2024-08-05T06:10:11.369Z

Reserved: 2018-02-07T00:00:00

Link: CVE-2018-6808

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-03-06T20:29:01.063

Modified: 2018-03-26T16:13:38.047

Link: CVE-2018-6808

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-03-01T00:00:00", "descriptions": [{"lang": "en", "value": "NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-06T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.citrix.com/article/CTX232161"}, {"name": "1040440", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040440"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6808", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.citrix.com/article/CTX232161", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX232161"}, {"name": "1040440", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040440"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:10:11.369Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.citrix.com/article/CTX232161"}, {"name": "1040440", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040440"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6808", "datePublished": "2018-03-06T20:00:00", "dateReserved": "2018-02-07T00:00:00", "dateUpdated": "2024-08-05T06:10:11.369Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "D8C7525B-2A2D-43AF-8DA0-11FF28322337", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB678AF5-12B4-41D0-A381-46EE277313B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "123D42E1-3CDD-4D46-82F6-8982DE716F7E", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "FFCE3458-6750-4773-BA18-CAA67A6093D4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:citrix:netscaler_application_delivery_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "81FD5100-3ADB-4C21-BCE5-CDA7C4C1D8B9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "7E0FA8E2-3E8F-481E-8C39-FB00A9739DFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "D2C6F82C-9969-4A6E-88C8-AB8BB0AAD3C7", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5D73B9A-59AA-4A38-AEAF-7EAB0965CD7E", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "B9F3ED0E-7F3D-477B-B645-77DA5FC7F502", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", "matchCriteriaId": "DEBB9B6A-1CAD-4D82-9B1E-939921986053", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system."}, {"lang": "es", "value": "NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y12.0 permiten que atacantes remotos descarguen archivos arbitrarios en el sistema objetivo."}], "id": "CVE-2018-6808", "lastModified": "2018-03-26T16:13:38.047", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-06T20:29:01.063", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040440"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX232161"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}