PT-2018-1053 · Citrix · Citrix Netscaler Vpx

Buxuqua · Published 2018-01-02 · Updated 2018-03-03 · CVE-2018-6186

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the vulnerable software and affected versions: Citrix NetScaler VPX versions prior to NS12.0 53.13.nc

Description: The issue stems from insufficient validation of incoming requests in Citrix NetScaler. A remote attacker holding webapp privileges can exploit it through a Server-Side Request Forgery (SSRF) attack against the "/rapi/read url" API endpoint, which can lead to access to the nsroot account and execution of arbitrary commands with root privileges.

Recommendations: For Citrix NetScaler VPX versions prior to NS12.0 53.13.nc, restrict access to the "/rapi/read url" URI to prevent SSRF attacks until a patch is available. As a temporary workaround, limit the privileges of webapp accounts to reduce the risk of exploitation.

Fix

SSRF


Weakness Enumeration

Related identifiers

BDU:2018-00366
CVE-2018-6186

Affected products

Citrix Netscaler Vpx