Vulnerability Description
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | NetScaler Application Delivery Controller | 11.0 |
| Citrix | NetScaler Gateway | 11.0 |
| Citrix | NetScaler SD-WAN | 9.3.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103186 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1040439 (Third Party Advisory, VDB Entry)
- https://support.citrix.com/article/CTX232199 (Vendor Advisory)
FAQ
What is CVE-2018-5314?
CVE-2018-5314 is a vulnerability with a CVSS score of 7.5 (HIGH). Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance d...
How severe is CVE-2018-5314?
CVE-2018-5314 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-5314?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix NetScaler Application Delivery Controller, Citrix NetScaler Gateway, Citrix NetScaler SD-WAN.