CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2018-6809
https://notcve.org/view.php?id=CVE-2018-6809
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system. NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y12.0 permiten que atacantes remotos obtengan privilegios en el sistema objetivo. • http://www.securitytracker.com/id/1040440 https://support.citrix.com/article/CTX232161 •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-6810
https://notcve.org/view.php?id=CVE-2018-6810
Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request. Vulnerabilidad de salto de directorio en NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y12.0 permite que atacantes remotos salten el directorio en el sistema objetivo mediante una petición manipulada. • http://www.securitytracker.com/id/1040440 https://support.citrix.com/article/CTX232161 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-6808
https://notcve.org/view.php?id=CVE-2018-6808
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system. NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y12.0 permiten que atacantes remotos descarguen archivos arbitrarios en el sistema objetivo. • http://www.securitytracker.com/id/1040440 https://support.citrix.com/article/CTX232161 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-5314
https://notcve.org/view.php?id=CVE-2018-5314
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt. Vulnerabilidad de inyección de comandos en Citrix NetScaler ADC y NetScaler Gateway en versiones 11.0 anteriores a la build 70.16, versiones 11.1 anteriores a la build 55.13 y las versiones 12.0 anteriores a la build 53.13; y la instancia NetScaler Load Balancing distribuida en NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 y 5100 WAN Optimization Edition 9.3.0 permite que atacantes remotos ejecuten un comando del sistema o lean archivos arbitrarios mediante un mensaje de inicio de sesión SSH. • http://www.securityfocus.com/bid/103186 http://www.securitytracker.com/id/1040439 https://support.citrix.com/article/CTX232199 • CWE-287: Improper Authentication •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2017-17382
https://notcve.org/view.php?id=CVE-2017-17382
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway 10.5 anteriores a la build 67.13, 11.0 anteriores a la build 71.22, 11.1 anteriores a la build 56.19 y 12.0 anteriores a la build 53.22 podría permitir que atacantes remotos descifren datos de texto cifrado TLS aprovechando un oráculo de relleno RSA Bleichenbacher. Esto también se conoce como ataque ROBOT. • http://www.securityfocus.com/bid/102173 http://www.securitytracker.com/id/1039985 https://robotattack.org https://support.citrix.com/article/ctx230238 https://www.kb.cert.org/vuls/id/144389 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •