CVE-2018-6186

EUVD-2018-17948
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
citrixnetscaler
12.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102915
http://www.securitytracker.com/id/1040440
https://gist.github.com/buxu/04ce809eb8b32ef57e232eab5e61f023
https://support.citrix.com/article/CTX232161
http://www.securityfocus.com/bid/102915
http://www.securitytracker.com/id/1040440
https://gist.github.com/buxu/04ce809eb8b32ef57e232eab5e61f023
https://support.citrix.com/article/CTX232161