ID

VAR-201805-0928


CVE

CVE-2018-7218


TITLE

Citrix NetScaler Application Delivery Controller and NetScaler Gateway Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2018-005405

DESCRIPTION

The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors. A security vulnerability exists in the AppFirewall feature in Citrix NetScaler ADC and NetScaler Gateway. A remote attacker could exploit this vulnerability to execute arbitrary code.

Trust: 1.8

sources: NVD: CVE-2018-7218 // JVNDB: JVNDB-2018-005405 // VULHUB: VHN-137250 // VULMON: CVE-2018-7218

AFFECTED PRODUCTS

vendor: citrix // model: application delivery controller // scope: eq // version: 10.5

Trust: 1.6

vendor: citrix // model: application delivery controller // scope: eq // version: 11.1

Trust: 1.6

vendor: citrix // model: application delivery controller // scope: eq // version: 12.0

Trust: 1.6

vendor: citrix // model: application delivery controller // scope: eq // version: 11.0

Trust: 1.6

vendor: citrix // model: netscaler gateway // scope: eq // version: 11.1

Trust: 1.6

vendor: citrix // model: netscaler gateway // scope: eq // version: 10.5

Trust: 1.6

vendor: citrix // model: netscaler gateway // scope: eq // version: 12.0

Trust: 1.6

vendor: citrix // model: netscaler gateway // scope: eq // version: 11.0

Trust: 1.6

vendor: citrix // model: netscaler gateway // scope: lt // version: 10.5

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: lt // version: 11.0

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: eq // version: 11.0 build 71.24

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: lt // version: 11.1

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: lt // version: 12.0

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: eq // version: 12.0 build 57.24

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: eq // version: 10.5 build 68.7

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: lt // version: 11.0

Trust: 0.8

vendor: citrix // model: netscaler gateway // scope: eq // version: 11.1 build 58.13

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: eq // version: 11.0 build 71.24

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: eq // version: 12.0 build 57.24

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: eq // version: 10.5 build 68.7

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: eq // version: 11.1 build 58.13

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: lt // version: 12.0

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: lt // version: 10.5

Trust: 0.8

vendor: citrix // model: netscaler application delivery controller // scope: lt // version: 11.1

Trust: 0.8

sources: JVNDB: JVNDB-2018-005405 // CNNVD: CNNVD-201805-511 // NVD: CVE-2018-7218

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-7218
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-7218
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201805-511
value: CRITICAL

Trust: 0.6

VULHUB: VHN-137250
value: HIGH

Trust: 0.1

VULMON: CVE-2018-7218
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-7218
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-137250
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-7218
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-137250 // VULMON: CVE-2018-7218 // JVNDB: JVNDB-2018-005405 // CNNVD: CNNVD-201805-511 // NVD: CVE-2018-7218

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2018-7218

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-511

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201805-511

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005405

PATCH

title: CTX234869 // url: https://support.citrix.com/article/CTX234869

Trust: 0.8

title: Citrix NetScaler Application Delivery Controller and NetScaler Gateway Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83445

Trust: 0.6

title: Citrix Security Bulletins: Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway leading to arbitrary code execution and host compromise // url: https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=7d07c8792d60896b0e74081c0688f2c2

Trust: 0.1

sources: VULMON: CVE-2018-7218 // JVNDB: JVNDB-2018-005405 // CNNVD: CNNVD-201805-511

EXTERNAL IDS

db: NVD // id: CVE-2018-7218

Trust: 2.6

db: SECTRACK // id: 1040921

Trust: 1.8

db: JVNDB // id: JVNDB-2018-005405

Trust: 0.8

db: CNNVD // id: CNNVD-201805-511

Trust: 0.6

db: VULHUB // id: VHN-137250

Trust: 0.1

db: VULMON // id: CVE-2018-7218

Trust: 0.1

sources: VULHUB: VHN-137250 // VULMON: CVE-2018-7218 // JVNDB: JVNDB-2018-005405 // CNNVD: CNNVD-201805-511 // NVD: CVE-2018-7218

REFERENCES

url: https://support.citrix.com/article/ctx234869

Trust: 1.9

url: http://www.securitytracker.com/id/1040921

Trust: 1.8

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7218

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-7218

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-137250 // VULMON: CVE-2018-7218 // JVNDB: JVNDB-2018-005405 // CNNVD: CNNVD-201805-511 // NVD: CVE-2018-7218

SOURCES

db: VULHUB // id: VHN-137250
db: VULMON // id: CVE-2018-7218
db: JVNDB // id: JVNDB-2018-005405
db: CNNVD // id: CNNVD-201805-511
db: NVD // id: CVE-2018-7218

LAST UPDATE DATE

2024-11-23T22:38:12.683000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-137250 // date: 2018-06-27T00:00:00
db: VULMON // id: CVE-2018-7218 // date: 2018-06-27T00:00:00
db: JVNDB // id: JVNDB-2018-005405 // date: 2018-07-13T00:00:00
db: CNNVD // id: CNNVD-201805-511 // date: 2018-07-07T00:00:00
db: NVD // id: CVE-2018-7218 // date: 2024-11-21T04:11:48.953

SOURCES RELEASE DATE

db: VULHUB // id: VHN-137250 // date: 2018-05-17T00:00:00
db: VULMON // id: CVE-2018-7218 // date: 2018-05-17T00:00:00
db: JVNDB // id: JVNDB-2018-005405 // date: 2018-07-13T00:00:00
db: CNNVD // id: CNNVD-201805-511 // date: 2018-05-17T00:00:00
db: NVD // id: CVE-2018-7218 // date: 2018-05-17T19:29:00.790