⚠ Actively exploited
Added to CISA KEV on 2022-03-25. Federal agencies required to patch by 2022-04-15. Required action: Apply updates per vendor instructions..

CVE-2019-12991OS Command Injection in Citrix Netscaler Sd-wan

CWE-78OS Command Injection11 documents8 sources
Severity
8.8HIGHNVD
EPSS
81.0%
top 0.84%
CISA KEV
KEV
Added 2022-03-25
Due 2022-04-15
Exploit
Exploited in wild
Active exploitation observed
Affected products
5
Citrix Netscaler Sd-wanCitrix Sd-wanCitrix Sd-wan+2 more
Timeline
PublishedJul 16
KEV addedMar 25
KEV dueApr 15
Latest updateMay 24
CISA Required Action: Apply updates per vendor instructions.

Description

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

NVDcitrix/netscaler_sd-wan10.0.010.0.8
NVDcitrix/sd-wan10.2.010.2.3
citrixcitrix/sd-wan

🔴Vulnerability Details

2
GHSA
GHSA-462p-6gjx-6wj6: Citrix SD-WAN 102022-05-24
VulnCheck
Citrix SD-WAN and NetScaler Command Injection Vulnerability2019

💥Exploits & PoCs

1
Exploit-DB
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution2019-07-12

📋Vendor Advisories

3
CISA
Citrix SD-WAN and NetScaler Command Injection Vulnerability2022-03-25
Citrix
CVE-2019-12991: Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).2019-07-16
Citrix
Citrix SD-WAN Multiple Security Updates

🕵️Threat Intelligence

4
Unit42
Mirai Variant ECHOBOT Resurfaces with 13 Previously Unexploited Vulnerabilities2019-12-13
Unit42
Mirai Variant ECHOBOT Resurfaces with 13 Previously Unexploited Vulnerabilities2019-12-13
Tenable
Multiple Vulnerabilities Found in Citrix SD-WAN Center and SD-WAN Appliances2019-07-11
Tenable
Citrix SD-WAN Appliance Multiple Vulnerabilities2019-07-02