Lucene search

[email protected]CVE-2015-2838

HistoryApr 03, 2015 - 2:59 p.m.

CVE-2015-2838

2015-04-0314:59:01

CWE-352

[email protected]

web.nvd.nist.gov

cve-2015-2838

citrix netscaler

csrf vulnerability

remote attackers

authentication hijacking

arbitrary commands

nsroot

shell metacharacters

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.3%

JSON

Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.

Affected configurations

NVD

Node

citrixnetscalerMatch10.5

CPENameOperatorVersion
citrix:netscalercitrix netscalereq10.5

CPE	Name	Operator	Version
citrix:netscaler	citrix netscaler	eq	10.5

References

packetstormsecurity.com/files/130937/Citrix-NITRO-SDK-Command-Injection.html

seclists.org/fulldisclosure/2015/Mar/129

www.securityfocus.com/archive/1/534936/100/0/threaded

www.securityfocus.com/bid/73358

www.exploit-db.com/exploits/36442/

www.securify.nl/advisory/SFY20140806/command_injection_vulnerability_in_citrix_nitro_sdk_xen_hotfix_page.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.3%

JSON

Related for CVE-2015-2838

cvelist1 nvd1 prion1 openvas1 kaspersky1