Details of VAR-201803-2109

ID

VAR-201803-2109

CVE

CVE-2018-6810

TITLE

Citrix NetScaler ADC and NetScaler Gateway Path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002544

DESCRIPTION

Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request. Citrix NetScaler ADC and NetScaler Gateway Contains a path traversal vulnerability.Information may be obtained. NetScaler ADC is a service and application delivery solution (application delivery controller); NetScaler Gateway is a secure remote access solution. The following products and versions are affected: Citrix NetScaler ADC Release 10.5, Release 11.0, Release 11.1, Release 12.0; NetScaler Gateway Release 10.5, Release 11.0, Release 11.1, Release 12.0

Trust: 1.8

sources: NVD: CVE-2018-6810 // JVNDB: JVNDB-2018-002544 // VULHUB: VHN-136842 // VULMON: CVE-2018-6810

AFFECTED PRODUCTS

vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	10.5	Trust: 2.4
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	11.0	Trust: 2.4
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	11.1	Trust: 2.4
vendor:	citrix	model:	netscaler application delivery controller	scope:	eq	version:	12.0	Trust: 2.4
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	10.5	Trust: 2.4
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	11.0	Trust: 2.4
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	11.1	Trust: 2.4
vendor:	citrix	model:	netscaler gateway	scope:	eq	version:	12.0	Trust: 2.4

sources: JVNDB: JVNDB-2018-002544 // CNNVD: CNNVD-201803-146 // NVD: CVE-2018-6810

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-6810
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-6810
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201803-146
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-136842
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-6810
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-6810
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-136842
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-6810
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-136842 // VULMON: CVE-2018-6810 // JVNDB: JVNDB-2018-002544 // CNNVD: CNNVD-201803-146 // NVD: CVE-2018-6810

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-136842 // JVNDB: JVNDB-2018-002544 // NVD: CVE-2018-6810

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-146

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201803-146

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002544

PATCH

title:	CTX232161	url:	https://support.citrix.com/article/CTX232161	Trust: 0.8
title:	Citrix NetScaler Application Delivery Controller and NetScaler Gateway Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78920	Trust: 0.6
title:	Citrix Security Bulletins: Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates	url:	https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=cf8a157f0a34d7fb512f6c61c9c75a50	Trust: 0.1

sources: VULMON: CVE-2018-6810 // JVNDB: JVNDB-2018-002544 // CNNVD: CNNVD-201803-146

EXTERNAL IDS

db:	NVD	id:	CVE-2018-6810	Trust: 2.6
db:	SECTRACK	id:	1040440	Trust: 1.8
db:	JVNDB	id:	JVNDB-2018-002544	Trust: 0.8
db:	CNNVD	id:	CNNVD-201803-146	Trust: 0.6
db:	VULHUB	id:	VHN-136842	Trust: 0.1
db:	VULMON	id:	CVE-2018-6810	Trust: 0.1

sources: VULHUB: VHN-136842 // VULMON: CVE-2018-6810 // JVNDB: JVNDB-2018-002544 // CNNVD: CNNVD-201803-146 // NVD: CVE-2018-6810

REFERENCES

url:	https://support.citrix.com/article/ctx232161	Trust: 1.9
url:	http://www.securitytracker.com/id/1040440	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6810	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-6810	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-136842 // VULMON: CVE-2018-6810 // JVNDB: JVNDB-2018-002544 // CNNVD: CNNVD-201803-146 // NVD: CVE-2018-6810

SOURCES

db:	VULHUB	id:	VHN-136842
db:	VULMON	id:	CVE-2018-6810
db:	JVNDB	id:	JVNDB-2018-002544
db:	CNNVD	id:	CNNVD-201803-146
db:	NVD	id:	CVE-2018-6810

LAST UPDATE DATE

2024-11-23T22:26:25.874000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-136842	date:	2018-03-26T00:00:00
db:	VULMON	id:	CVE-2018-6810	date:	2018-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2018-002544	date:	2018-04-18T00:00:00
db:	CNNVD	id:	CNNVD-201803-146	date:	2018-03-07T00:00:00
db:	NVD	id:	CVE-2018-6810	date:	2024-11-21T04:11:14.190

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-136842	date:	2018-03-06T00:00:00
db:	VULMON	id:	CVE-2018-6810	date:	2018-03-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-002544	date:	2018-04-18T00:00:00
db:	CNNVD	id:	CNNVD-201803-146	date:	2018-03-07T00:00:00
db:	NVD	id:	CVE-2018-6810	date:	2018-03-06T20:29:01.203