RCE in Citrix Netscaler_application_delivery_controller_firmware

CVE-2015-5080

The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitr…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.010 (77.4th percentile) — read the EPSS interpretation.

Affected products

Citrix Netscaler_application_delivery_controller_firmware — versions 10.1, 10.1.120.1316.e, 10.1.121
Citrix Netscaler_gateway_firmware — versions 10.1.120.1316.e, 10.1.121, 10.1.122
N/a — versions n/a

Weakness classification (CWE)

CWE-77 — Command Injection

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM)
1032762 (vdb-entry, x_refsource_SECTRACK)
75505 (vdb-entry, x_refsource_BID)