PT-2015-6771 · Citrix · Citrix Netscaler Application Delivery Controller

Published: 2015-07-16 · Updated: 2016-12-07 · CVE-2015-5080

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.1 before 10.1.132.8
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.5 before Build 56.15
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway versions 10.5.e before Build 56.1505.e

Description

The issue allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to the "rapi/ipsec logs" endpoint.

Recommendations

For versions 10.1 before 10.1.132.8, update to version 10.1.132.8 or later.
For versions 10.5 before Build 56.15, update to Build 56.15 or later.
For versions 10.5.e before Build 56.1505.e, update to Build 56.1505.e or later.

Fix

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2015-5080

Affected Products

Citrix Netscaler Application Delivery Controller
Netscaler Gateway