Описание
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
Уязвимые конфигурации
EPSS
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
Связанные уязвимости
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.
Уязвимость средства доставки веб-приложений Citrix NetScaler, связанная с недостаточной проверкой поступающих запросов, позволяющая нарушителю выполнить произвольные команды с привилегиями root
EPSS
8.8 High
CVSS3
9 Critical
CVSS2