Published: 16/07/2019 Updated: 30/03/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Citrix SD-WAN 10.2.x prior to 10.2.3 and NetScaler SD-WAN 10.0.x prior to 10.0.8 allow SQL Injection.

Vulnerable Product	Search on Vulmon	Subscribe to Product
citrix netscaler sd-wan
citrix sd-wan

# Exploit Title: Citrix SD-WAN Appliance 1022 Auth Bypass and Remote Command Execution # Date: 2019-07-12 # Exploit Author: Chris Lyne (@lynerc) # Vendor Homepage: wwwcitrixcom # Product: Citrix SD-WAN # Software Link: wwwcitrixcom/downloads/citrix-sd-wan/ # Version: Tested against 1022 # Tested on: # - Vendor-provided OVA ...

Citrix SD-WAN Appliance version 1022 suffers from authentication bypass and remote command execution vulnerabilities ...

CWE-89 http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html http://www.securityfocus.com/bid/109133 https://support.citrix.com/article/CTX251987 https://www.tenable.com/security/research/tra-2019-32 https://nvd.nist.gov https://www.exploit-db.com/exploits/47112

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-12989

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect