ID CVE-2018-6186
Summary Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.
References
Vulnerable Configurations
  • cpe:2.3:a:citrix:netscaler:12.0:*:*:*:*:*:*:*
CVSS
Base: 9.0 (as of 03-03-2018 - 02:29)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:C/I:C/A:C
refmap via4
bid 102915
confirm https://support.citrix.com/article/CTX232161
misc https://gist.github.com/buxu/04ce809eb8b32ef57e232eab5e61f023
sectrack 1040440
Last major update 03-03-2018 - 02:29
Published 01-02-2018 - 14:29
Last modified 03-03-2018 - 02:29