CVE-2018-5314: Command Injection
First published: Thu Mar 01 2018(Updated: )
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix NetScaler Application Delivery Controller | =11.0 | |
| Citrix NetScaler Application Delivery Controller | =11.1 | |
| Citrix NetScaler Application Delivery Controller | =12.0 | |
| Citrix NetScaler Gateway | =11.0 | |
| Citrix NetScaler Gateway | =11.1 | |
| Citrix NetScaler Gateway | =12.0 | |
| Citrix NetScaler SD-WAN | =9.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-5314?
CVE-2018-5314 is a command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway before certain build versions.
How severe is CVE-2018-5314?
CVE-2018-5314 has a severity rating of 7.5 (high).
Which software versions are affected by CVE-2018-5314?
CVE-2018-5314 affects Citrix NetScaler ADC and NetScaler Gateway versions 11.0, 11.1, and 12.0, as well as NetScaler Load Balancing instances distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000, and 5100 WAN Optimization Edition 9.3.
How do I fix CVE-2018-5314?
To fix CVE-2018-5314, update your Citrix NetScaler ADC, NetScaler Gateway, and NetScaler Load Balancing instance to the recommended build versions listed in the Citrix advisory.
Where can I find more information about CVE-2018-5314?
You can find more information about CVE-2018-5314 in the following references: [SecurityFocus](http://www.securityfocus.com/bid/103186), [SecurityTracker](http://www.securitytracker.com/id/1040439), and the [Citrix advisory](https://support.citrix.com/article/CTX232199).
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/citrix
- canonical/citrix netscaler application delivery controller
- version/citrix netscaler application delivery controller/11.0
- version/citrix netscaler application delivery controller/11.1
- version/citrix netscaler application delivery controller/12.0
- canonical/citrix netscaler gateway
- version/citrix netscaler gateway/11.0
- version/citrix netscaler gateway/11.1
- version/citrix netscaler gateway/12.0
- canonical/citrix netscaler sd-wan
- version/citrix netscaler sd-wan/9.3.0