Published: 16/07/2019 Updated: 24/08/2020

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 905

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Citrix SD-WAN 10.2.x prior to 10.2.3 and NetScaler SD-WAN 10.0.x prior to 10.0.8 have Improper Input Validation (issue 5 of 6).

Vulnerable Product	Search on Vulmon	Subscribe to Product
citrix netscaler sd-wan
citrix sd-wan

# Exploit Title: Citrix SD-WAN Appliance 1022 Auth Bypass and Remote Command Execution # Date: 2019-07-12 # Exploit Author: Chris Lyne (@lynerc) # Vendor Homepage: wwwcitrixcom # Product: Citrix SD-WAN # Software Link: wwwcitrixcom/downloads/citrix-sd-wan/ # Version: Tested against 1022 # Tested on: # - Vendor-provided OVA ...

Citrix SD-WAN Appliance version 1022 suffers from authentication bypass and remote command execution vulnerabilities ...

CWE-78 http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html http://www.securityfocus.com/bid/109133 https://support.citrix.com/article/CTX251987 https://www.tenable.com/security/research/tra-2019-32 https://nvd.nist.gov https://www.exploit-db.com/exploits/47112

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-12991

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect