PT-2018-16891 · Citrix · Citrix NetScaler Gateway

Published: 2018-03-01 · Updated: 2019-10-03 · CVE-2018-5314

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Citrix NetScaler ADC and NetScaler Gateway versions 11.0 before build 70.16
Citrix NetScaler ADC and NetScaler Gateway versions 11.1 before build 55.13
Citrix NetScaler ADC and NetScaler Gateway versions 12.0 before build 53.13
NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition version 9.3.0

Description

The issue allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt. This is a command injection vulnerability.

Recommendations

For Citrix NetScaler ADC and NetScaler Gateway versions 11.0 before build 70.16, update to build 70.16 or later.
For Citrix NetScaler ADC and NetScaler Gateway versions 11.1 before build 55.13, update to build 55.13 or later.
For Citrix NetScaler ADC and NetScaler Gateway versions 12.0 before build 53.13, update to build 53.13 or later.
For NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition version 9.3.0, consider disabling SSH login until a patch is available.

Fix

RCE

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2018-5314

Affected Products

Citrix NetScaler ADC
Citrix NetScaler Gateway
NetScaler Load Balancing
NetScaler SD-WAN/CloudBridge