PT-2015-6771 · Citrix · Citrix Netscaler Application Delivery Controller+1

Published: 2015-07-16 · Updated: 2016-12-07 · CVE-2015-5080

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.1 before 10.1.132.8
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.5 before Build 56.15
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.5.e before Build 56.1505.e

Description

The issue allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to the "rapi/ipsec logs" endpoint.

Recommendations

For versions 10.1 before 10.1.132.8, update to version 10.1.132.8 or later.
For versions 10.5 before Build 56.15, update to Build 56.15 or later.
For versions 10.5.e before Build 56.1505.e, update to Build 56.1505.e or later.

Fix

Command Injection

Weakness Enumeration

Related identifiers

CVE-2015-5080

Affected products

Citrix Netscaler Application Delivery Controller
Netscaler Gateway