16 matches found
CVE-2019-12989
CVE-2019-12989 affects Citrix SD-WAN 10.2.x prior to 10.2.3 and NetScaler SD-WAN 10.0.x prior to 10.0.8. An unauthenticated attacker can exploit an SQL injection caused by improper input validation in specific components, potentially leading to arbitrary SQL execution against the backend database...
CVE-2019-12991
CVE-2019-12991 affects Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance: authenticated command injection in 10.2.x before 10.2.3 and 10.0.x before 10.0.8. Connected advisories confirm a remote command execution vector via the appliance’s management/UI stack and public exploits exist (e.g., ...
CVE-2017-6316
CVE-2017-6316 affects Citrix NetScaler SD-WAN devices (including CloudBridge) up to version 9.1.2.26.561201, where a remote attacker can execute arbitrary shell commands as root by abusing a cookie (CGISESSID on NetScaler SD-WAN; CAKEPHP on CloudBridge). The vulnerability arises from insufficient...
CVE-2019-12990
CVE-2019-12990 refers to a Local File Inclusion vulnerability in Citrix SD-WAN Center and NetScaler SD-WAN Center. The Nuclei template and CNVD/Red Hat/CIRCL entries describe an issue where the applianceSettingsFileTransfer function in ApplianceSettingsController fails to properly validate HTTP ...
CVE-2019-12985
CVE-2019-12985 affects Citrix SD-WAN Center (10.2.x before 10.2.3) and NetScaler SD-WAN Center (10.0.x before 10.0.8). The connected Nuclei template details a remote command injection vulnerability in the DiagnosticsController ping function, caused by insufficient validation/sanitization of HTTP ...
CVE-2019-12988
Citrix SD-WAN Center / NetScaler SD-WAN Center CVE-2019-12988: A remote command injection exists in the addModifyZTDProxy function of NmsController. The NMS controller does not sufficiently validate or sanitize HTTP request parameters used to build a shell command. An unauthenticated attacker cou...
CVE-2019-12986
Citrix SD-WAN Center/NetScaler SD-WAN Center are affected by CVE-2019-12986 through an unauthenticated remote command injection in the trace_route function of DiagnosticsController. The issue arises from insufficient validation/sanitization of HTTP request parameters used to construct shell command...
CVE-2019-12987
Citrix SD-WAN Center / NetScaler SD-WAN Center are affected by CVE-2019-12987 due to improper input validation in the StorageMgmtController’s apply action, where the callStoragePerl helper constructs shell commands from HTTP parameters. An attacker can route traffic through the Collector controll...
CVE-2019-12992
CVE-2019-12992 — Citrix/NetScaler SD-WAN. The issue is an authenticated command injection caused by improper input validation in Citrix SD-WAN Center 10.2.x (before 10.2.3) and NetScaler SD-WAN Center 10.0.x (before 10.0.8). Exploitation would require authentication against the SD-WAN management...
CVE-2018-5314
CVE-2018-5314 affects Citrix NetScaler ADC and NetScaler Gateway (11.0/11.1/12.0) and the NetScaler LB instance in SD-WAN/CloudBridge 9.3.0, allowing a remote attacker to execute system commands or read files via an SSH login prompt. Affected versions and fixes are documented in Citrix advisories...
CVE-2018-17447
CVE-2018-17447 is an information exposure vulnerability in Citrix SD-WAN and NetScaler SD-WAN where log files leak sensitive data. Affected versions include Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. The Citrix security bulletin CTX236992 notes several ...
CVE-2018-17444
Citrix SD-WAN/NetScaler SD-WAN directory traversal issue (CVE-2018-17444) affects Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4, allowing an unauthenticated attacker with access to the management interface to reach sensitive parts of the host. The root caus...
CVE-2019-11550
CVE-2019-11550 affects Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7, with an improper certificate validation flaw. The Citrix security update (CTX247735) notes an information-disclosure/man-in-the-middle risk on management traffic, requiring remediation. Affected v...
CVE-2018-17445
CVE-2018-17445 is a Command Injection vulnerability in Citrix SD-WAN/NetScaler SD-WAN. The Citrix advisory CTX236992 states multiple vulnerabilities in the management interface could allow an unauthenticated attacker with access to the management interface to compromise the host. Affected version...
CVE-2018-17446
Citrix SD-WAN and NetScaler SD-WAN SQL Injection (CVE-2018-17446) affects Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x prior to 9.3.6 and 10.0.x prior to 10.0.4. The issue is a SQL injection vulnerability in the management interface, enabling an unauthenticated attacker with access to the mana...
CVE-2018-17448
CVE-2018-17448 is an Incorrect Access Controls vulnerability in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. The Citrix bulletin describes multiple vulnerabilities affecting the management interface of Citrix NetScaler SD-WAN appliances, allowing an unaut...