Vulnerability Name:

CVE-2015-5080 (CCN-104312)

Assigned: 2015-06-03
Published: 2015-06-03
Updated: 2016-12-07
Summary: The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs.
CVSS v3 Severity: 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): Low
    User Interaction (UI): Required
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
CVSS v2 Severity: 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
  6.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
  6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
  4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
Vulnerability Type: CWE-77
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2015-5080

Source: MISC
Type: UNKNOWN
http://security-assessment.com/files/documents/advisory/Citrix-Netscaler-Final.pdf

Source: CCN
Type: CTX201149
Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway Management Interface Could Result in Arbitrary Command Injection

Source: CONFIRM
Type: UNKNOWN
http://support.citrix.com/article/CTX201149

Source: BID
Type: UNKNOWN
75505

Source: SECTRACK
Type: UNKNOWN
1032762

Source: XF
Type: UNKNOWN
citrix-netscaler-cve2015080-command-exec(104312)

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1.120.1316.e:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1.121:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1.122:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1.123:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1.124:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1.125:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1.126:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1.127:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1.128:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1.129:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.5e:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_gateway_firmware:10.1.120.1316.e:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_gateway_firmware:10.1.121:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_gateway_firmware:10.1.122:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_gateway_firmware:10.1.123:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_gateway_firmware:10.1.124:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_gateway_firmware:10.1.125:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_gateway_firmware:10.1.126:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_gateway_firmware:10.1.127:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_gateway_firmware:10.1.128:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_gateway_firmware:10.1.129:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_gateway_firmware:10.5.50.10:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_gateway_firmware:10.5.51.10:*:*:*:*:*:*:*
  • OR cpe:/o:citrix:netscaler_gateway_firmware:10.5e:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    citrix netscaler application delivery controller firmware 10.1
    citrix netscaler application delivery controller firmware 10.1.120.1316.e
    citrix netscaler application delivery controller firmware 10.1.121
    citrix netscaler application delivery controller firmware 10.1.122
    citrix netscaler application delivery controller firmware 10.1.123
    citrix netscaler application delivery controller firmware 10.1.124
    citrix netscaler application delivery controller firmware 10.1.125
    citrix netscaler application delivery controller firmware 10.1.126
    citrix netscaler application delivery controller firmware 10.1.127
    citrix netscaler application delivery controller firmware 10.1.128
    citrix netscaler application delivery controller firmware 10.1.129
    citrix netscaler application delivery controller firmware 10.5
    citrix netscaler application delivery controller firmware 10.5e
    citrix netscaler gateway firmware 10.1.120.1316.e
    citrix netscaler gateway firmware 10.1.121
    citrix netscaler gateway firmware 10.1.122
    citrix netscaler gateway firmware 10.1.123
    citrix netscaler gateway firmware 10.1.124
    citrix netscaler gateway firmware 10.1.125
    citrix netscaler gateway firmware 10.1.126
    citrix netscaler gateway firmware 10.1.127
    citrix netscaler gateway firmware 10.1.128
    citrix netscaler gateway firmware 10.1.129
    citrix netscaler gateway firmware 10.5
    citrix netscaler gateway firmware 10.5.50.10
    citrix netscaler gateway firmware 10.5.51.10
    citrix netscaler gateway firmware 10.5e