CVE-2018-6186: SSRF
First published: Thu Feb 01 2018(Updated: )
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix NetScaler | =12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-6186?
CVE-2018-6186 is a vulnerability that allows an SSRF attack via the /rapi/read_url URI in Citrix NetScaler VPX through NS12.0 53.13.nc.
How severe is CVE-2018-6186?
The severity of CVE-2018-6186 is critical with a severity score of 8.8.
What software is affected by CVE-2018-6186?
Citrix NetScaler VPX version 12.0 is affected by CVE-2018-6186.
How can an attacker exploit CVE-2018-6186?
An authenticated attacker with a webapp account can exploit CVE-2018-6186 to perform an SSRF attack and gain access to the nsroot account.
Are there any references for CVE-2018-6186?
Yes, you can find references for CVE-2018-6186 at the following links: [LINK]
- collector/nvd-index
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/citrix
- canonical/citrix netscaler
- version/citrix netscaler/12.0