vendor:
NetScaler SDX
by:
Securify
8.8
CVSS
HIGH
Command Injection
78
CWE
Product Name: NetScaler SDX
Affected Version From: svm-10.5-50-1.9
Affected Version To: svm-10.5-50-1.9
Patch Exists: YES
Related CWE: N/A
CPE: a:citrix:netscaler_sdx
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
Command Injection Vulnerability in NITRO SDK
The Citrix NetScaler SDX platform delivers fully isolated NetScaler instances running on a single appliance. The NITRO SDK allows you to configure and monitor the NetScaler appliance programmatically. NITRO exposes its functionality through REST interfaces. A Cross-Site Scripting vulnerability was found in one of the REST services exposed by the NITRO SDK. Administrators can upload XenServer hotfixes to the Citrix SDX appliance. The REST interface responsible for handling these hotfixes is vulnerable to command injection.
Mitigation:
Citrix reports that this vulnerability is fixed in NetScaler 10.5 build 52.3nc.