CVE-2015-5080

The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://security-assessment.com/files/documents/advisory/Citrix-Netscaler-Final.pdf
http://www.securitytracker.com/id/1032762
http://support.citrix.com/article/CTX201149
http://www.securityfocus.com/bid/75505

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.123:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.124:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5e:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.120.1316.e:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.120.1316.e:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.127:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.128:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.124:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.125:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5.50.10:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.128:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.122:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5e:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.125:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.123:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.129:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.121:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.126:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.127:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.126:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.122:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5.51.10:::::::*
	cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.121:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.129:::::::*

Information

Published : 2015-07-16 07:59

Updated : 2016-12-07 10:15

NVD link : CVE-2015-5080

Mitre link : CVE-2015-5080

JSON object : View

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Products Affected

citrix

netscaler_application_delivery_controller_firmware
netscaler_gateway_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://security-assessment.com/files/documents/advisory/Citrix-Netscaler-Final.pdf", "name": "http://security-assessment.com/files/documents/advisory/Citrix-Netscaler-Final.pdf", "tags": [], "refsource": "MISC"}, {"url": "http://www.securitytracker.com/id/1032762", "name": "1032762", "tags": [], "refsource": "SECTRACK"}, {"url": "http://support.citrix.com/article/CTX201149", "name": "http://support.citrix.com/article/CTX201149", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/75505", "name": "75505", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-77"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-5080", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-07-16T14:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.123:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.124:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.120.1316.e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.120.1316.e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.127:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.128:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.124:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.125:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5.50.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.128:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.122:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.125:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.123:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.129:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.121:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.126:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.127:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.126:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.122:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5.51.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:10.1.121:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.1.129:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-12-07T18:15Z"}

9.0 /10