Skip to main content

Application Delivery Controller Firmware CVE-2018-7218

CRITICAL
2018-05-17 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 17, 2018 - 19:29 nvd
CRITICAL 9.8

DescriptionNVD

The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors.

AnalysisAI

The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors. Affected products include: Citrix Application Delivery Controller Firmware, Citrix Netscaler Gateway Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-17382 MEDIUM POC
5.9 Dec 13

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build

CVE-2020-8195 MEDIUM POC
6.5 Jul 10

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.1

CVE-2020-8194 MEDIUM POC
6.5 Jul 10

Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14

CVE-2020-8193 MEDIUM POC
6.5 Jul 10

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14

CVE-2020-8191 MEDIUM POC
6.1 Jul 10

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.1

CVE-2022-27516 CRITICAL
9.8 Nov 08

User login brute force protection functionality bypass. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2022-27510 CRITICAL
9.8 Nov 08

Unauthorized access to Gateway user capabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exp

CVE-2019-18225 CRITICAL
9.8 Oct 21

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before

CVE-2022-27513 CRITICAL
9.6 Nov 08

Remote desktop takeover via phishing. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no

CVE-2020-8247 HIGH
8.8 Sep 18

Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix AD

CVE-2020-8197 HIGH
8.8 Jul 10

Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21,

CVE-2021-22927 HIGH
8.1 Aug 05

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provide

Share

CVE-2018-7218 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy