Vulnerability Name:

CVE-2015-2838 (CCN-101704)

Assigned:2015-03-19
Published:2015-03-19
Updated:2018-10-09
Summary:Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-352
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2015-2838

Source: MISC
Type: Exploit
http://packetstormsecurity.com/files/130937/Citrix-NITRO-SDK-Command-Injection.html

Source: CCN
Type: BugTraq Mailing List, Thu, 19 Mar 2015 17:14:20 +0100
Command injection vulnerability in Citrix NITRO SDK xen_hotfix page

Source: FULLDISC
Type: UNKNOWN
20150319 Command injection vulnerability in Citrix NITRO SDK xen_hotfix page

Source: CCN
Type: Citrix Web site
NITRO SDK

Source: BUGTRAQ
Type: UNKNOWN
20150319 Command injection vulnerability in Citrix NITRO SDK xen_hotfix page

Source: BID
Type: UNKNOWN
73358

Source: XF
Type: UNKNOWN
citrix-nitro-command-exec(101704)

Source: CCN
Type: Packet Storm Security [03-20-2015]
Citrix NITRO SDK Command Injection

Source: EXPLOIT-DB
Type: UNKNOWN
36442

Source: CCN
Type: Securify Web site
Command injection vulnerability in Citrix NITRO SDK xen_hotfix page

Source: MISC
Type: Exploit
https://www.securify.nl/advisory/SFY20140806/command_injection_vulnerability_in_citrix_nitro_sdk_xen_hotfix_page.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:citrix:netscaler:10.5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    citrix netscaler 10.5