Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-5080

The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs.

Published

2015-07-16T14:59:05.933

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	citrix	netscaler_application_delivery_controller_firmware	10.1	Yes
Operating System	citrix	netscaler_application_delivery_controller_firmware	10.1.120.1316.e	Yes
Operating System	citrix	netscaler_application_delivery_controller_firmware	10.1.121	Yes
Operating System	citrix	netscaler_application_delivery_controller_firmware	10.1.122	Yes
Operating System	citrix	netscaler_application_delivery_controller_firmware	10.1.123	Yes
Operating System	citrix	netscaler_application_delivery_controller_firmware	10.1.124	Yes
Operating System	citrix	netscaler_application_delivery_controller_firmware	10.1.125	Yes
Operating System	citrix	netscaler_application_delivery_controller_firmware	10.1.126	Yes
Operating System	citrix	netscaler_application_delivery_controller_firmware	10.1.127	Yes
Operating System	citrix	netscaler_application_delivery_controller_firmware	10.1.128	Yes
Operating System	citrix	netscaler_application_delivery_controller_firmware	10.1.129	Yes
Operating System	citrix	netscaler_application_delivery_controller_firmware	10.5	Yes
Operating System	citrix	netscaler_application_delivery_controller_firmware	10.5e	Yes
Operating System	citrix	netscaler_gateway_firmware	10.1.120.1316.e	Yes
Operating System	citrix	netscaler_gateway_firmware	10.1.121	Yes
Operating System	citrix	netscaler_gateway_firmware	10.1.122	Yes
Operating System	citrix	netscaler_gateway_firmware	10.1.123	Yes
Operating System	citrix	netscaler_gateway_firmware	10.1.124	Yes
Operating System	citrix	netscaler_gateway_firmware	10.1.125	Yes
Operating System	citrix	netscaler_gateway_firmware	10.1.126	Yes
Operating System	citrix	netscaler_gateway_firmware	10.1.127	Yes
Operating System	citrix	netscaler_gateway_firmware	10.1.128	Yes
Operating System	citrix	netscaler_gateway_firmware	10.1.129	Yes
Operating System	citrix	netscaler_gateway_firmware	10.5	Yes
Operating System	citrix	netscaler_gateway_firmware	10.5.50.10	Yes
Operating System	citrix	netscaler_gateway_firmware	10.5.51.10	Yes
Operating System	citrix	netscaler_gateway_firmware	10.5e	Yes

References

http://security-assessment.com/files/documents/advisory/Citrix-Netscaler-Final.pdf ([email protected])
http://support.citrix.com/article/CTX201149 ([email protected])
http://www.securityfocus.com/bid/75505 ([email protected])
http://www.securitytracker.com/id/1032762 ([email protected])
http://security-assessment.com/files/documents/advisory/Citrix-Netscaler-Final.pdf (af854a3a-2127-422b-91ae-364da2661108)
http://support.citrix.com/article/CTX201149 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/75505 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1032762 (af854a3a-2127-422b-91ae-364da2661108)