cvelist | Citrix | CVELIST:CVE-2024-2049
History: Mar 12, 2024 - 12:39 p.m.

CVE-2024-2049 Server-Side Request Forgery (SSRF)

2024-03-12 12:39:45 | CWE-918 | Citrix | www.cve.org
Tags: citrix sd-wan, ssrf, vulnerability, leaking information, management ip

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score: 6.5 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.2%)

Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via access to the management IP.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Citrix SD-WAN Standard/Premium Editions",
    "vendor": "Citrix",
    "versions": [
      {
        "lessThan": "11.4.4.46",
        "status": "affected",
        "version": "11.4",
        "versionType": "patch"
      }
    ]
  }
]
