CVE-2019-10883
Published 2019-06-03
CVE-2019-10883: Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.
Priority P272 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 65.49% (99.2th percentile)
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_sd-wan | — | — |
| citrix | citrix_sd-wan_center | 10.1.0 – 10.1.2 | — |
| citrix | citrix_sd-wan_center | >= 10.2.0 < 10.2.1 | 10.2.1 |
| citrix | netscaler_adc_gateway | — | — |
| citrix | netscaler_sd-wan_center | >= 10.0.0 < 10.0.7 | 10.0.7 |
| citrix | netscaler_sd-wan_center | 9.1 – 9.3.6 | — |
| citrix | sd-wan | — | — |
| citrix | xenserver | — | — |
Detection & IOCs
Command: `curl -skv --tlsv1.2 -d '_method=POST&data%5BUser%5D%5Busername%5D=%60sudo%20id%20>/tmp/test%60&data%5BUser%5D%5Bpassword%5D=my_password&data%5BUser%5D%5BsecPassword%5D=my_secPassword' 'https://[target_host]/login'`
- Monitor HTTP POST requests to /login endpoint containing backtick-encoded command injection payloads in the username field (URL-encoded backticks: %60) targeting Citrix SD-WAN Center management console.
- Alert on POST body parameters containing `_method=POST` combined with URL-encoded backtick characters (%60) in `data[User][username]`, indicative of OS command injection attempts against UsersController.php.
- The vulnerability is exploitable by unauthenticated attackers; detect unauthenticated POST requests to the SD-WAN Center management console /login path with anomalous username field content.
- Restrict and monitor access to the SD-WAN Center management console; unexpected access from untrusted networks should be alerted on.
- Vulnerability affects Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 only; patched versions are not vulnerable.
- The injection point is specifically the $username parameter in UsersController.php; detection rules should target this specific parameter and controller path.
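The checks listed above, sketched as an added example (not code from this page, Citrix, or any detection product). It assumes a hypothetical proxy log that records POST bodies as one JSON object per line; the field names `src`, `method`, `path` and `body` are assumptions, and matching metacharacters other than the backtick goes beyond what the page names.

```python
import json
from urllib.parse import parse_qs

# Form field named in the detection notes above.
USERNAME_FIELD = "data[User][username]"
# The backtick is the character the page calls out; the others are an
# added generalization for "anomalous username field content".
SHELL_META = ("`", "$(", ";", "|")


def suspicious_username(body):
    """Return the decoded username if it holds shell metacharacters, else None."""
    # parse_qs percent-decodes keys and values, so %60 becomes a literal
    # backtick and data%5BUser%5D%5Busername%5D becomes data[User][username].
    fields = parse_qs(body, keep_blank_values=True)
    for value in fields.get(USERNAME_FIELD, []):
        if any(token in value for token in SHELL_META):
            return value
    return None


def scan(records):
    """Yield (source_ip, username) for POSTs to /login with a suspicious username."""
    for line in records:
        rec = json.loads(line)
        path = rec["path"].split("?", 1)[0].rstrip("/")
        if rec["method"] != "POST" or path != "/login":
            continue
        hit = suspicious_username(rec["body"])
        if hit is not None:
            yield rec["src"], hit


# Constructed sample records in the assumed log format (documentation IPs).
SAMPLE = [
    # Body taken from the command shown on this page: flagged.
    '{"src": "198.51.100.7", "method": "POST", "path": "/login", "body": "_method=POST&data%5BUser%5D%5Busername%5D=%60sudo%20id%20>/tmp/test%60&data%5BUser%5D%5Bpassword%5D=my_password"}',
    # Ordinary login: not flagged.
    '{"src": "192.0.2.10", "method": "POST", "path": "/login", "body": "_method=POST&data%5BUser%5D%5Busername%5D=admin&data%5BUser%5D%5Bpassword%5D=x"}',
    # Backtick in the password only: not flagged, the rule is field-specific.
    '{"src": "192.0.2.11", "method": "POST", "path": "/login", "body": "data%5BUser%5D%5Busername%5D=ops&data%5BUser%5D%5Bpassword%5D=p%60w"}',
    # Not a POST: skipped.
    '{"src": "192.0.2.12", "method": "GET", "path": "/login", "body": ""}',
]

if __name__ == "__main__":
    for src, username in scan(SAMPLE):
        print(f"ALERT src={src} username={username!r}")
```

The match runs on the decoded value, so it does not depend on how the backtick was percent-encoded in transit (`%60` in the page's command).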
CVSS provenance
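| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |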
GHSA
GHSA-9xmm-v8h7-ccm7: Citrix SD-WAN Center 10
ghsa_unreviewed·2022-05-24
CVE-2019-10883 [CRITICAL] CWE-78 GHSA-9xmm-v8h7-ccm7: Citrix SD-WAN Center 10
Citrix
CVE-2019-10883: Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.
vendor_citrix·2019-06-03·CVSS 9.8
CVE-2019-10883 [CRITICAL] CWE-78 CVE-2019-10883: Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.
Citrix
Citrix SD-WAN Center Security Updates
vendor_citrix·CVSS 9.8
CVE-2019-10883 [CRITICAL] Citrix SD-WAN Center Security Updates
of Problem
A command injection vulnerability has been identified in the management console of Citrix SD-WAN Center and NetScaler SD-WAN Center. This vulnerability could allow an unauthenticated attacker with access to the management console to compromise the host.
A low severity cross-site scripting (XSS) vulnerability has been identified in the management console of Citrix SD-WAN Center and NetScaler SD-WAN Center. This vulnerability, if exploited by an attacker, could potentially be used to execute malicious client-side script in the browser of a user; the script may then be able to gain access to potentially sensitive information.
The vulnerabilities have been assigned the following CVE numbers. CVE-2019-10883: (Critical) Command Injection in Citrix
No detection rules found.
No public exploits indexed.
- https://support.citrix.com/article/CTX247737
- https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin
- https://www.tenable.com/security/research
- https://www.tenable.com/security/research/tra-2019-18