18 matches found
CVE-2019-12989
CVE-2019-12989 affects Citrix SD-WAN 10.2.x prior to 10.2.3 and NetScaler SD-WAN 10.0.x prior to 10.0.8. An unauthenticated attacker can exploit an SQL injection caused by improper input validation in specific components, potentially leading to arbitrary SQL execution against the backend database...
CVE-2019-12991
CVE-2019-12991 affects Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance: authenticated command injection in 10.2.x before 10.2.3 and 10.0.x before 10.0.8. Connected advisories confirm a remote command execution vector via the appliance’s management/UI stack and public exploits exist (e.g., ...
CVE-2019-12990
CVE-2019-12990 refers to a Local File Inclusion vulnerability in Citrix SD-WAN Center and NetScaler SD-WAN Center. The Nuclei template and CNVD/Red Hat/CIRCL entries describe an issue where the applianceSettingsFileTransfer function in ApplianceSettingsController fails to properly validate HTTP ...
CVE-2019-12985
CVE-2019-12985 affects Citrix SD-WAN Center (10.2.x before 10.2.3) and NetScaler SD-WAN Center (10.0.x before 10.0.8). The connected Nuclei template details a remote command injection vulnerability in the DiagnosticsController ping function, caused by insufficient validation/sanitization of HTTP ...
CVE-2019-12988
Citrix SD-WAN Center / NetScaler SD-WAN Center CVE-2019-12988: A remote command injection exists in the addModifyZTDProxy function of NmsController. The NMS controller does not sufficiently validate or sanitize HTTP request parameters used to build a shell command. An unauthenticated attacker cou...
CVE-2019-12986
Citrix SD-WAN Center/NetScaler SD-WAN Center are affected by CVE-2019-12986 through an unauthenticated remote command injection in the trace_route function of DiagnosticsController. The issue arises from insufficient validation/sanitization of HTTP request parameters used to construct shell command...
CVE-2019-12987
Citrix SD-WAN Center / NetScaler SD-WAN Center are affected by CVE-2019-12987 due to improper input validation in the StorageMgmtController’s apply action, where the callStoragePerl helper constructs shell commands from HTTP parameters. An attacker can route traffic through the Collector controll...
CVE-2019-12992
CVE-2019-12992 — Citrix/NetScaler SD-WAN. The issue is an authenticated command injection caused by improper input validation in Citrix SD-WAN Center 10.2.x (before 10.2.3) and NetScaler SD-WAN Center 10.0.x (before 10.0.8). Exploitation would require authentication against the SD-WAN management...
CVE-2020-8271
Citrix SD-WAN Center contains CVE-2020-8271, an unauthenticated remote code execution vulnerability affecting versions before 11.2.2, 11.1.2b, and 10.2.8. The issue is a stop_ping endpoint path traversal that can lead to arbitrary shell commands via user-controlled input, enabling root-level RCE without authen...
CVE-2020-8273
CVE-2020-8273 is a CreateAzureDeployment shell injection flaw in Citrix SD-WAN Center. An authenticated attacker can craft JSON data that is (improperly) concatenated into an exec call, enabling arbitrary command execution on vulnerable installations. Affected versions are pre-11.2.2, pre-11.1.2b...
CVE-2021-22956
CVE-2021-22956 is an uncontrolled resource consumption vulnerability in Citrix ADC and related appliances that can be triggered by an attacker with management-interface access (NSIP/SNIP) to cause a temporary disruption of the Management GUI, Nitro API, and RPC communications. The issue affects m...
CVE-2020-8272
CVE-2020-8272 is a ConfigEditor authentication bypass vulnerability in Citrix SD-WAN Center, exposing SD-WAN functionality. Affected are SD-WAN Center versions prior to 11.2.2, 11.1.2b, and 10.2.8. The connected ThreatPost entry confirms an unauthenticated bypass of authentication (ConfigEditor) ...
CVE-2018-17447
CVE-2018-17447 is an information exposure vulnerability in Citrix SD-WAN and NetScaler SD-WAN where log files leak sensitive data. Affected versions include Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. The Citrix security bulletin CTX236992 notes several ...
CVE-2018-17444
Citrix SD-WAN/NetScaler SD-WAN directory traversal issue (CVE-2018-17444) affects Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4, allowing an unauthenticated attacker with access to the management interface to reach sensitive parts of the host. The root caus...
CVE-2019-11550
CVE-2019-11550 affects Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7, with an improper certificate validation flaw. The Citrix security update (CTX247735) notes an information-disclosure/man-in-the-middle risk on management traffic, requiring remediation. Affected v...
CVE-2018-17445
CVE-2018-17445 is a Command Injection vulnerability in Citrix SD-WAN/NetScaler SD-WAN. The Citrix advisory CTX236992 states multiple vulnerabilities in the management interface could allow an unauthenticated attacker with access to the management interface to compromise the host. Affected version...
CVE-2018-17446
Citrix SD-WAN and NetScaler SD-WAN SQL Injection (CVE-2018-17446) affects Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x prior to 9.3.6 and 10.0.x prior to 10.0.4. The issue is a SQL injection vulnerability in the management interface, enabling an unauthenticated attacker with access to the mana...
CVE-2018-17448
CVE-2018-17448 is an Incorrect Access Controls vulnerability in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. The Citrix bulletin describes multiple vulnerabilities affecting the management interface of Citrix NetScaler SD-WAN appliances, allowing an unaut...