CVE-2015-5080

EPSS 1%
Published 16.07.2015 14:59:05
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.120.1316.e

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.121

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.122

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.123

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.124

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.125

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.126

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.127

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.128

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.1.129

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.5

Citrix ≫ Netscaler Application Delivery Controller Firmware Version10.5e

Citrix ≫ Netscaler Gateway Firmware Version10.1.120.1316.e

Citrix ≫ Netscaler Gateway Firmware Version10.1.121

Citrix ≫ Netscaler Gateway Firmware Version10.1.122

Citrix ≫ Netscaler Gateway Firmware Version10.1.123

Citrix ≫ Netscaler Gateway Firmware Version10.1.124

Citrix ≫ Netscaler Gateway Firmware Version10.1.125

Citrix ≫ Netscaler Gateway Firmware Version10.1.126

Citrix ≫ Netscaler Gateway Firmware Version10.1.127

Citrix ≫ Netscaler Gateway Firmware Version10.1.128

Citrix ≫ Netscaler Gateway Firmware Version10.1.129

Citrix ≫ Netscaler Gateway Firmware Version10.5

Citrix ≫ Netscaler Gateway Firmware Version10.5.50.10

Citrix ≫ Netscaler Gateway Firmware Version10.5.51.10

Citrix ≫ Netscaler Gateway Firmware Version10.5e

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1%	0.76

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

http://security-assessment.com/files/documents/advisory/Citrix-Netscaler-Final.pdf

http://support.citrix.com/article/CTX201149

http://www.securityfocus.com/bid/75505

http://www.securitytracker.com/id/1032762

https://nvd.nist.gov/vuln/detail/CVE-2015-5080

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-5080

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-5080

EUVD