Han Sahin, August 2014
Securify discovered a command injection vulnerability in the xen_hotfix
page of the NITRO SDK. The attacker-supplied command is executed with
elevated privileges (nsroot). This issue can be used to compromise the
entire Citrix SDX appliance and all underlying applications and data.
This issue was discovered in Citrix NetScaler SDX svm-10.5-50-1.9; other
versions may also be affected.
Citrix reports that this vulnerability is fixed in NetScaler 10.5 build
52.3nc.