CVE-2018-17445
published 2018-10-23CVE-2018-17445: A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
PriorityP260critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
11.06%
95.4th percentile
A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_sd-wan | — | — |
| citrix | netscaler_adc_gateway | — | — |
| citrix | netscaler_sd-wan | 10.0.0 – 10.0.4 | — |
| citrix | netscaler_sd-wan | 9.3.0 – 9.3.6 | — |
| citrix | sd-wan | — | — |
| citrix | sd-wan | — | — |
| citrix | xenserver | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- ·Vulnerable versions: Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4 ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Citrix
CVE-2018-17445: A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
vendor_citrix·2018-10-23·CVSS 9.8
CVE-2018-17445 [CRITICAL] CWE-77 CVE-2018-17445: A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVE-2018-17445: A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
Citrix
Citrix SD-WAN Multiple Security Updates
vendor_citrix·CVSS 6.8
CVE-2012-2104 [MEDIUM] Citrix SD-WAN Multiple Security Updates
Citrix SD-WAN Multiple Security Updates
of Problem Multiple vulnerabilities have been identified in the management interface of Citrix NetScaler SD-WAN physical appliances and virtual appliances. Collectively these vulnerabilities could allow an unauthenticated attacker with access to the management interface to compromise the host. The vulnerabilities have been assigned the following CVE numbers. CVE-2018-17444 - Directory traversal in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. CVE-2018-17445 - Command Injection in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. CVE-2018-17446 - SQL Injection in in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. CVE-2018-17447 - Infor
GHSA
GHSA-595c-jhrq-qhxf: A Command Injection issue was discovered in Citrix SD-WAN 10
ghsa_unreviewed·2022-05-13
CVE-2018-17445 [CRITICAL] CWE-77 GHSA-595c-jhrq-qhxf: A Command Injection issue was discovered in Citrix SD-WAN 10
A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-10-23
Published