CVE-2022-27506Hard-coded Credentials in Citrix Sd-wan

CWE-798Hard-coded CredentialsCWE-79Cross-site Scripting3 documents3 sources
Severity
2.7LOWNVD
EPSS
0.2%
top 62.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
18
Citirx Citrix Sd-wanCitrix Sd-wan 1000 FirmwareCitrix Sd-wan 1100 Firmware+15 more
Timeline
PublishedApr 13
Latest updateApr 14

Description

Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages18 packages

CVEListV5citirx/citrix_sd-wanunspecifiedCitrix SD-WAN Center Management Console versions 11.4.3+2

🔴Vulnerability Details

1
GHSA
GHSA-r6g8-j6hh-2656: Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI2022-04-14

📋Vendor Advisories

1
Citrix
Citrix SD-WAN Security Bulletin for CVE-2022-27505 and CVE-2022-27506