CVE-2015-5080

EUVD-2015-5096
The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs.
Command Injection
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 9 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:S/C:C/I:C/A:C |
EPSS Score Percentile: 76%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller_firmware | 10.1 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.120.1316.e:e |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.121 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.122 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.123 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.124 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.125 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.126 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.127 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.128 |
| citrix | netscaler_application_delivery_controller_firmware | 10.1.129 |
| citrix | netscaler_application_delivery_controller_firmware | 10.5 |
| citrix | netscaler_application_delivery_controller_firmware | 10.5e:e |
| citrix | netscaler_gateway_firmware | 10.1.120.1316.e:e |
| citrix | netscaler_gateway_firmware | 10.1.121 |
| citrix | netscaler_gateway_firmware | 10.1.122 |
| citrix | netscaler_gateway_firmware | 10.1.123 |
| citrix | netscaler_gateway_firmware | 10.1.124 |
| citrix | netscaler_gateway_firmware | 10.1.125 |
| citrix | netscaler_gateway_firmware | 10.1.126 |
| citrix | netscaler_gateway_firmware | 10.1.127 |
| citrix | netscaler_gateway_firmware | 10.1.128 |
| citrix | netscaler_gateway_firmware | 10.1.129 |
| citrix | netscaler_gateway_firmware | 10.5 |
| citrix | netscaler_gateway_firmware | 10.5.50.10 |
| citrix | netscaler_gateway_firmware | 10.5.51.10 |
| citrix | netscaler_gateway_firmware | 10.5e:e |