Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.
Conclusion & alert: CVE-2018-5314 is rated Moderate Risk (59.7/100): CVSS High severity, with medium exploitation likelihood (EPSS 2.85%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-07-08 | 2.91% | 2.85% | -0.06% |
| 2 | 2026-06-15 | 3.31% | 2.91% | -0.40% |
| 3 | 2025-09-15 | — | 3.31% | — |
Full EPSS history (11 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.5 | 3.0 | HIGH |
|
3.9 | 3.6 | [email protected] |
| 5.0 | 2.0 | MEDIUM |
|
10.0 | 2.9 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| citrix | netscaler_application_delivery_controller | 11.0 | cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.0:*:*:*:*:*:*:* |
| citrix | netscaler_application_delivery_controller | 11.1 | cpe:2.3:a:citrix:netscaler_application_delivery_controller:11.1:*:*:*:*:*:*:* |
| citrix | netscaler_application_delivery_controller | 12.0 | cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.0:*:*:*:*:*:*:* |
| citrix | netscaler_gateway | 11.0 | cpe:2.3:a:citrix:netscaler_gateway:11.0:*:*:*:*:*:*:* |
| citrix | netscaler_gateway | 11.1 | cpe:2.3:a:citrix:netscaler_gateway:11.1:*:*:*:*:*:*:* |
| citrix | netscaler_gateway | 12.0 | cpe:2.3:a:citrix:netscaler_gateway:12.0:*:*:*:*:*:*:* |
| citrix | netscaler_sd-wan | 9.3.0 | cpe:2.3:a:citrix:netscaler_sd-wan:9.3.0:*:*:*:wan_optimization:*:*:* |
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/103186 | Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1040439 | Third Party Advisory VDB Entry |
| https://support.citrix.com/article/CTX232199 | Vendor Advisory |