CVE-2019-11345
Published 2020-03-10
CVE-2019-11345: Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS.
Priority: P4 · 24 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.78% (51.1th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_sd-wan | — | — |
| citrix | citrix_sd-wan_center | >= 10.2.0 < 10.2.1 | 10.2.1 |
| citrix | netscaler_adc_gateway | — | — |
| citrix | netscaler_sd-wan_center | >= 10.0.0 < 10.0.7 | 10.0.7 |
| citrix | sd-wan | — | — |
| citrix | xenserver | — | — |
CVSS provenance
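| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |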
Citrix
CVE-2019-11345: Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS.
vendor_citrix·2020-03-10·CVSS 6.1
CVE-2019-11345 [MEDIUM] CWE-79 CVE-2019-11345: Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS.
Citrix
Citrix SD-WAN Center Security Updates
vendor_citrix·CVSS 9.8
CVE-2019-10883 [CRITICAL] Citrix SD-WAN Center Security Updates
of Problem
A command injection vulnerability has been identified in the management console of Citrix SD-WAN Center and NetScaler SD-WAN Center. This vulnerability could allow an unauthenticated attacker with access to the management console to compromise the host.
A low severity cross-site scripting (XSS) vulnerability has been identified in the management console of Citrix SD-WAN Center and NetScaler SD-WAN Center. This vulnerability, if exploited by an attacker, could potentially be used to execute malicious client-side script in the browser of a user; the script may then be able to gain access to potentially sensitive information.
The vulnerabilities have been assigned the following CVE numbers. CVE-2019-10883: (Critical) Command Injection in Citrix
GHSA
GHSA-qx83-34c6-2jw3: Citrix SD-WAN Center 10
ghsa_unreviewed·2022-05-24
CVE-2019-11345 [MEDIUM] GHSA-qx83-34c6-2jw3: Citrix SD-WAN Center 10
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-03-10
Published