CVE-2015-5080 - Emotive Estate

Description

The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8 10.5 before Build 56.15 and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs.

Reference

http://security-assessment.com/files/documents/advisory/Citrix-Netscaler-Final.pdf http://www.securitytracker.com/id/1032762 http://support.citrix.com/article/CTX201149 http://www.securityfocus.com/bid/75505