CVE-2015-5080

EPSS 1%
Veröffentlicht 16.07.2015 14:59:05
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.120.1316.e

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.121

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.122

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.123

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.124

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.125

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.126

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.127

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.128

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.129

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.5

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.5e

Citrix ≫ Netscaler Gateway Firmware Version10.1.120.1316.e

Citrix ≫ Netscaler Gateway Firmware Version10.1.121

Citrix ≫ Netscaler Gateway Firmware Version10.1.122

Citrix ≫ Netscaler Gateway Firmware Version10.1.123

Citrix ≫ Netscaler Gateway Firmware Version10.1.124

Citrix ≫ Netscaler Gateway Firmware Version10.1.125

Citrix ≫ Netscaler Gateway Firmware Version10.1.126

Citrix ≫ Netscaler Gateway Firmware Version10.1.127

Citrix ≫ Netscaler Gateway Firmware Version10.1.128

Citrix ≫ Netscaler Gateway Firmware Version10.1.129

Citrix ≫ Netscaler Gateway Firmware Version10.5

Citrix ≫ Netscaler Gateway Firmware Version10.5.50.10

Citrix ≫ Netscaler Gateway Firmware Version10.5.51.10

Citrix ≫ Netscaler Gateway Firmware Version10.5e

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1%	0.76

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

http://security-assessment.com/files/documents/advisory/Citrix-Netscaler-Final.pdf

http://support.citrix.com/article/CTX201149

http://www.securityfocus.com/bid/75505

http://www.securitytracker.com/id/1032762

https://nvd.nist.gov/vuln/detail/CVE-2015-5080

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-5080

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-5080

EUVD