Details of VAR-201803-2100

ID

VAR-201803-2100

CVE

CVE-2018-6808

TITLE

Citrix NetScaler ADC and NetScaler Gateway Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-002542

DESCRIPTION

NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system. Citrix NetScaler ADC and NetScaler Gateway Contains an information disclosure vulnerability.Information may be obtained. NetScaler ADC is a service and application delivery solution (application delivery controller); NetScaler Gateway is a secure remote access solution. The following products and versions are affected: Citrix NetScaler ADC Release 10.5, Release 11.0, Release 11.1, Release 12.0; NetScaler Gateway Release 10.5, Release 11.0, Release 11.1, Release 12.0

Trust: 1.8

sources: NVD: CVE-2018-6808 // JVNDB: JVNDB-2018-002542 // VULHUB: VHN-136840 // VULMON: CVE-2018-6808

AFFECTED PRODUCTS

vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.5	Trust: 2.4
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	11.0	Trust: 2.4
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	11.1	Trust: 2.4
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	12.0	Trust: 2.4
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.5	Trust: 2.4
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	11.0	Trust: 2.4
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	11.1	Trust: 2.4
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	12.0	Trust: 2.4

sources: JVNDB: JVNDB-2018-002542 // CNNVD: CNNVD-201803-148 // NVD: CVE-2018-6808

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-6808
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-6808
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201803-148
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-136840
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-6808
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-6808
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-136840
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-6808
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-136840 // VULMON: CVE-2018-6808 // JVNDB: JVNDB-2018-002542 // CNNVD: CNNVD-201803-148 // NVD: CVE-2018-6808

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-136840 // JVNDB: JVNDB-2018-002542 // NVD: CVE-2018-6808

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-148

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201803-148

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002542

PATCH

title:	CTX232161	url:	https://support.citrix.com/article/CTX232161	Trust: 0.8
title:	Citrix NetScaler Application Delivery Controller and NetScaler Gateway Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78922	Trust: 0.6
title:	Citrix Security Bulletins: Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates	url:	https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=cf8a157f0a34d7fb512f6c61c9c75a50	Trust: 0.1

sources: VULMON: CVE-2018-6808 // JVNDB: JVNDB-2018-002542 // CNNVD: CNNVD-201803-148

EXTERNAL IDS

db:	NVD	id:	CVE-2018-6808	Trust: 2.6
db:	SECTRACK	id:	1040440	Trust: 1.8
db:	JVNDB	id:	JVNDB-2018-002542	Trust: 0.8
db:	CNNVD	id:	CNNVD-201803-148	Trust: 0.7
db:	VULHUB	id:	VHN-136840	Trust: 0.1
db:	VULMON	id:	CVE-2018-6808	Trust: 0.1

sources: VULHUB: VHN-136840 // VULMON: CVE-2018-6808 // JVNDB: JVNDB-2018-002542 // CNNVD: CNNVD-201803-148 // NVD: CVE-2018-6808

REFERENCES

url:	https://support.citrix.com/article/ctx232161	Trust: 1.9
url:	http://www.securitytracker.com/id/1040440	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6808	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-6808	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-136840 // VULMON: CVE-2018-6808 // JVNDB: JVNDB-2018-002542 // CNNVD: CNNVD-201803-148 // NVD: CVE-2018-6808

SOURCES

db:	VULHUB	id:	VHN-136840
db:	VULMON	id:	CVE-2018-6808
db:	JVNDB	id:	JVNDB-2018-002542
db:	CNNVD	id:	CNNVD-201803-148
db:	NVD	id:	CVE-2018-6808

LAST UPDATE DATE

2024-11-23T22:26:25.787000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-136840	date:	2018-03-26T00:00:00
db:	VULMON	id:	CVE-2018-6808	date:	2018-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2018-002542	date:	2018-04-18T00:00:00
db:	CNNVD	id:	CNNVD-201803-148	date:	2018-03-07T00:00:00
db:	NVD	id:	CVE-2018-6808	date:	2024-11-21T04:11:13.900

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-136840	date:	2018-03-06T00:00:00
db:	VULMON	id:	CVE-2018-6808	date:	2018-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-002542	date:	2018-04-18T00:00:00
db:	CNNVD	id:	CNNVD-201803-148	date:	2018-03-07T00:00:00
db:	NVD	id:	CVE-2018-6808	date:	2018-03-06T20:29:01.063