CVE-2018-17446
published 2018-10-23CVE-2018-17446: A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
PriorityP351critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
1.96%
77.8th percentile
A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_sd-wan | — | — |
| citrix | netscaler_adc_gateway | — | — |
| citrix | netscaler_sd-wan | 10.0.0 – 10.0.4 | — |
| citrix | netscaler_sd-wan | 9.3.0 – 9.3.6 | — |
| citrix | sd-wan | — | — |
| citrix | sd-wan | — | — |
| citrix | xenserver | — | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Citrix
CVE-2018-17446: A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
vendor_citrix·2018-10-23·CVSS 9.8
CVE-2018-17446 [CRITICAL] CWE-89 CVE-2018-17446: A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVE-2018-17446: A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
Citrix
Citrix SD-WAN Multiple Security Updates
vendor_citrix·CVSS 6.8
CVE-2012-2104 [MEDIUM] Citrix SD-WAN Multiple Security Updates
Citrix SD-WAN Multiple Security Updates
of Problem Multiple vulnerabilities have been identified in the management interface of Citrix NetScaler SD-WAN physical appliances and virtual appliances. Collectively these vulnerabilities could allow an unauthenticated attacker with access to the management interface to compromise the host. The vulnerabilities have been assigned the following CVE numbers. CVE-2018-17444 - Directory traversal in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. CVE-2018-17445 - Command Injection in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. CVE-2018-17446 - SQL Injection in in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. CVE-2018-17447 - Infor
GHSA
GHSA-45hj-x6v8-2mjc: A SQL Injection issue was discovered in Citrix SD-WAN 10
ghsa_unreviewed·2022-05-14
CVE-2018-17446 [CRITICAL] CWE-89 GHSA-45hj-x6v8-2mjc: A SQL Injection issue was discovered in Citrix SD-WAN 10
A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-10-23
Published