Remote Code Execution Vulnerability in Citrix Application Delivery Controller and Gateway
CVE-2018-7218

9.8CRITICAL

Key Information:

Vendor: Citrix
Status: Application Delivery Controller Firmware
Vendor: CVE Published:; 17 May 2018

Summary

The AppFirewall feature in Citrix's NetScaler Application Delivery Controller and NetScaler Gateway is susceptible to a vulnerability that allows remote attackers to execute arbitrary code. This flaw affects multiple versions prior to specific builds, enabling potential exploitation through undefined vectors, which could lead to unauthorized access and system control.

References

https://support.citrix.com/article/CTX234869

x_refsource_CONFIRM

http://www.securitytracker.com/id/1040921

vdb-entryx_refsource_SECTRACK

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2018
Vulnerability Reserved
Feb 18, 2018