CVE-2019-11550
published 2019-05-08CVE-2019-11550: Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation.
PriorityP429medium5.9CVSS 3.0
AVNACHPRNUINSUCHINAN
EPSS
0.58%
43.4th percentile
Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_sd-wan | — | — |
| citrix | netscaler_adc_gateway | — | — |
| citrix | netscaler_sd-wan | >= 10.0.0 < 10.0.7 | 10.0.7 |
| citrix | netscaler_sd-wan | 9.0.0 – 9.3.6 | — |
| citrix | sd-wan | — | — |
| citrix | sd-wan | 10.1.0 – 10.1.2 | — |
| citrix | sd-wan | >= 10.2.0 < 10.2.1 | 10.2.1 |
| citrix | xenserver | — | — |
CVSS provenance
nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Citrix
CVE-2019-11550: Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation.
vendor_citrix·2019-05-08·CVSS 5.9
CVE-2019-11550 [MEDIUM] CWE-295 CVE-2019-11550: Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation.
CVE-2019-11550: Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation.
Citrix
CVE-2019-11550 - Citrix SD-WAN Security Update
vendor_citrix·CVSS 5.9
CVE-2019-11550 [MEDIUM] CVE-2019-11550 - Citrix SD-WAN Security Update
CVE-2019-11550 - Citrix SD-WAN Security Update
of Problem An information disclosure vulnerability has been identified in the Citrix SD-WAN Appliance. This vulnerability could allow an unauthenticated attacker to perform a man-in-the-middle attack against management traffic. The vulnerability has been assigned the following CVE number. CVE-2019-11550 – Information Disclosure in Citrix SD-WAN Appliance 10.2.x before 10.2.2 and NetScaler SD-WAN Appliance 10.0.x before 10.0.7.
CVE References: CVE-2019-11550
Affected Products: Citrix SD-WAN, SD-WAN, XenServer, sd-wan
Severity: High
Remediation:
These vulnerabilities have been addressed in the following software versions: • NetScaler SD-WAN 10.0.7 • Citrix SD-WAN 10.2.2 Citrix strongly recommends that customers using vulnerable software upgra
GHSA
GHSA-p53g-mf4j-5xxx: Citrix SD-WAN 10
ghsa_unreviewed·2022-05-24
CVE-2019-11550 [MEDIUM] CWE-295 GHSA-p53g-mf4j-5xxx: Citrix SD-WAN 10
Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://support.citrix.com/article/CTX247735https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletinhttps://support.citrix.com/article/CTX247735https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin
2019-05-08
Published