漏洞描述
【漏洞对象】 Citrix ADC 【涉及版本】Citrix ADC和Citrix Gateway 13.0版本,Citrix ADC和NetScalerGateway 12.1版本,Citrix ADC和NetScaler Gateway 12.0版本,Citrix ADC和NetScaler Gateway11.1版本 【漏洞描述】攻击者利用默认用户名nsroot,通过精心构造的请求包获取session,进而进行文件读取,获得敏感信息控制主机。
Citrix ADC 任意文件读取
PoC代码
暂无相关漏洞推荐
- (CVE-2025-5777)Citrix NetScaler管理接口输入验证不足导致内存读取越界漏洞
- CVE-2019-19781: Citrix Application Delivery Controller (ADC) and Gateway Directory Traversal.
- POC CVE-2025-5777: Citrix NetScaler Memory Disclosure - CitrixBleed 2
- POC CVE-2019-12985: Citrix SD-WAN Center - Remote Command Injection
- POC CVE-2019-12986: Citrix SD-WAN Center - Remote Command Injection
- POC CVE-2019-12987: Citrix SD-WAN Center - Remote Command Injection
- POC CVE-2019-12988: Citrix SD-WAN Center - Remote Command Injection
- POC CVE-2019-12990: Citrix SD-WAN Center - Local File Inclusion
- POC CVE-2019-19781: Citrix ADC and Gateway - Directory Traversal
- POC CVE-2020-8191: Citrix ADC/Gateway - Cross-Site Scripting
- POC CVE-2020-8193: Citrix - Local File Inclusion
- POC CVE-2020-8194: Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection
- POC CVE-2020-8209: Citrix XenMobile Server - Local File Inclusion