CVE-2018-5314

Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.

Published: Mar 1, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-5314
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
citrix / netscaler_sd-wan	9.3.0	9.3.0.x
citrix / netscaler_gateway	11.0	11.0.x
citrix / netscaler_gateway	11.1	11.1.x
citrix / netscaler_gateway	12.0	12.0.x
citrix / netscaler_application_delivery_controller	11.0	11.0.x
citrix / netscaler_application_delivery_controller	11.1	11.1.x
citrix / netscaler_application_delivery_controller	12.0	12.0.x

Vulnerability Database

289,697

CVE-2018-5314