Citrix CTX232161
Mar 01, 2018 - 5:00 a.m.

Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates

2018-03-01 05:00:00
support.citrix.com
EPSS: 0.004 (Low), Percentile: 72.8%

<section>
<div><div>
<div>

<h2> Description of Problem</h2>

<div>
<div>
<div>
<p>A number of vulnerabilities have been identified in supported versions of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway.</p>
<p>The following vulnerabilities have been addressed:</p>
<ul>
<li>CVE-2018-6810: Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Directory Traversal Vulnerability</li>
<li>CVE-2018-6808: Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Arbitrary File Download Vulnerability</li>
<li>CVE-2018-6809: Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Privilege Escalation Vulnerability</li>
<li>CVE-2018-6811: Multiple Cross-Site Scripting vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway</li>
<li>CVE-2018-6186: Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.</li>
</ul>
<p>The vulnerabilities affect the following versions of Citrix NetScaler ADC and NetScaler Gateway:</p>
<ul>
<li>Citrix NetScaler ADC and NetScaler Gateway earlier than version 12.0 Build 57.19</li>
<li>Citrix NetScaler ADC and NetScaler Gateway earlier than version 11.1 Build 56.15</li>
<li>Citrix NetScaler ADC and NetScaler Gateway earlier than version 11.0 Build 71.18</li>
<li>Citrix NetScaler ADC and NetScaler Gateway earlier than version 10.5 Build 67.10</li>
</ul>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> What Customers Should Do</h2>

<div>
<div>
<div>
<p>These vulnerabilities have been addressed in the following versions of Citrix NetScaler ADC and NetScaler Gateway:</p>
<ul>
<li>Citrix NetScaler ADC and NetScaler Gateway version 12.0 Build 57.19 and later</li>
<li>Citrix NetScaler ADC and NetScaler Gateway version 11.1 Build 56.15 and later</li>
<li>Citrix NetScaler ADC and NetScaler Gateway version 11.0 Build 71.18 and later</li>
<li>Citrix NetScaler ADC and NetScaler Gateway version 10.5 Build 67.10 and later</li>
</ul>
<p>Citrix recommends that affected customers upgrade their NetScaler appliances to a version of the appliance firmware that contains a fix for these issues as soon as their patching schedule allows.</p>
<p>These versions are available on the Citrix website at the following addresses:</p>
<p> <a href="https://www.citrix.com/downloads/netscaler-adc/">https://www.citrix.com/downloads/netscaler-adc/</a></p>
<p> <a href="https://www.citrix.com/downloads/netscaler-gateway/">https://www.citrix.com/downloads/netscaler-gateway/</a></p>
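<p>The following inventory check is an added example, not code from Citrix or from this advisory: it classifies firmware strings against the fixed builds listed above. The banner form <code>NS12.0: Build 53.13.nc</code>, the host names and the function names are assumptions; the sample inventory is constructed.</p>

```python
import re

# Fixed build per release branch, copied from the advisory's list above.
FIXED_BUILDS = {
    (12, 0): (57, 19),
    (11, 1): (56, 15),
    (11, 0): (71, 18),
    (10, 5): (67, 10),
}

# Accepts "NS12.0 53.13.nc" (form used in the CVE-2018-6186 text) and
# "NS12.0: Build 53.13.nc" (assumed banner form).
VERSION_RE = re.compile(r"NS(\d+)\.(\d+)(?::\s*Build)?\s+(\d+)\.(\d+)", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor), (build, sub)) or None if no version is found."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, build, sub = (int(g) for g in m.groups())
    return (major, minor), (build, sub)


def classify(text):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unparsed'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unparsed"  # flag for manual review rather than assume safe
    branch, build = parsed
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return "not-listed"  # the advisory names no fixed build for this branch
    # Integer tuples compare numerically: 57.9 sorts before 57.19,
    # which a plain string comparison would get wrong.
    return "vulnerable" if build < fixed else "fixed"


# Constructed inventory: host name -> firmware string as collected.
INVENTORY = {
    "adc-01": "NetScaler NS12.0: Build 53.13.nc",
    "adc-02": "NetScaler NS12.0: Build 57.9.nc",
    "gw-01": "NetScaler NS11.1: Build 56.15.nc",
    "gw-02": "firmware string missing",
}


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host}: {status}")
```

<p>Hosts reported as <code>unparsed</code> or <code>not-listed</code> need manual review, since the advisory gives no fixed build to compare them against.</p>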
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Acknowledgements</h2>

<div>
<div>
<div>
<p>Citrix thanks the Qualys Security Research Team (<a href="https://www.qualys.com">https://www.qualys.com</a>) for working with us to protect Citrix customers.</p>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> What Citrix Is Doing</h2>

<div>
<div>
<div>
<div>
<div>
<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href="http://support.citrix.com/">http://support.citrix.com/</a></u>.</p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Obtaining Support on This Issue</h2>

<div>
<div>
<div>
<div>
<div>
<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href="https://www.citrix.com/support/open-a-support-case.html">https://www.citrix.com/support/open-a-support-case.html</a></u>.</p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Reporting Security Vulnerabilities</h2>

<div>
<div>
<div>
<div>
<div>
<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – <a href="http://support.citrix.com/article/CTX081743">Reporting Security Issues to Citrix</a></p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Changelog</h2>

<div>
<div>
<div>
<table border="1" width="100%">
<tbody>
<tr>
<td>Date </td>
<td>Change</td>
</tr>
<tr>
<td>1st March 2018 </td>
<td>Initial publishing </td>
</tr>
</tbody>
</table>
</div>
</div>
</div>

<hr />
</div>
</div></div>
</section>
