Privilege escalation in Citrix NetScaler Application Delivery Controller and NetScaler Gateway

1) Privilege escalation

EUVDB-ID: #VU12796

Risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-7218

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to gain elevated privileges.

The weakness exists in the AppFirewall feature due to improper access control. An adjacent attacker can gain elevated privileges and execute arbitrary code and compromise the host system.

Mitigation

Update to versions 10.5 Build 68.7, 11.0 Build 71.24, 11.1 Build 58.13 or 12.0 Build 57.24.

Vulnerable software versions

Citrix Netscaler ADC: 10.5 Build 67.10/67.13 - 12.0 56.20

Citrix NetScaler Gateway: 10.5.67.10 - 12.0.56.20

CPE2.3

• cpe:2.3:a:citrix:citrix_netscaler_adc:10.5 Build 67.10/67.13:*:*:*:*:*:*:*
• cpe:2.3:a:citrix:citrix_netscaler_adc:11.0:70.12:*:*:*:*:*:*
• cpe:2.3:a:citrix:citrix_netscaler_adc:11.0:70.16:*:*:*:*:*:*
• cpe:2.3:a:citrix:citrix_netscaler_gateway:10.5.67.10:*:*:*:*:*:*:*
• cpe:2.3:a:citrix:citrix_netscaler_gateway:11.0.70.12:*:*:*:*:*:*:*
• cpe:2.3:a:citrix:citrix_netscaler_gateway:11.0.70.16:*:*:*:*:*:*:*

External links

https://support.citrix.com/article/CTX234869

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.