Citrix ADC and Gateway directory traversal and XML file upload
Added: 01/13/2020
Background
Citrix ADC (formerly NetScaler ADC) is an application delivery and load balancing platform. Citrix Gateway (formerly NetScaler Unified Gateway) is a secure workspace access and single sign-on solution.
Problem
A directory traversal vulnerability allows remote attackers to execute arbitrary commands embedded in XML files which are uploaded using the newbm.pl script.
Resolution
Apply the firmware update or mitigation steps referenced in CTX267027.
References
https://www.kb.cert.org/vuls/id/619785/
https://www.trustedsec.com/blog/critical-exposure-in-citrix-adc-netscaler-unauthenticated-remote-code-execution/
Platforms
Linux