CVE-2015-2838 : Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler

Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.

Published 2015-04-03 14:59:01

Updated 2018-10-09 19:56:30

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)

Products affected by CVE-2015-2838

Citrix » Netscaler » Version: 10.5
cpe:2.3:a:citrix:netscaler:10.5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-2838

EPSS FAQ

0.73%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 81 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-2838

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2015-2838

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-2838

http://www.securityfocus.com/archive/1/534936/100/0/threaded

SecurityFocus
http://packetstormsecurity.com/files/130937/Citrix-NITRO-SDK-Command-Injection.html

Citrix NITRO SDK Command Injection ≈ Packet Storm
Exploit
https://www.exploit-db.com/exploits/36442/

Citrix Nitro SDK - Command Injection
http://www.securityfocus.com/bid/73358

Citrix NetScaler 'xen_hotfix' Page Command Injection Vulnerability
http://seclists.org/fulldisclosure/2015/Mar/129

Full Disclosure: Command injection vulnerability in Citrix NITRO SDK xen_hotfix page
https://www.securify.nl/advisory/SFY20140806/command_injection_vulnerability_in_citrix_nitro_sdk_xen_hotfix_page.html

Command injection vulnerability in Citrix NITRO SDK xen_hotfix page - Security Advisories and Insights - Securify B.V.
Exploit

Jump to

Vulnerability Details : CVE-2015-2838

Products affected by CVE-2015-2838

Exploit prediction scoring system (EPSS) score for CVE-2015-2838

CVSS scores for CVE-2015-2838

CWE ids for CVE-2015-2838

References for CVE-2015-2838