CVE-2024-2049 — Server-Side Request Forgery in Citrix Sd-wan Standard Premium Editions

CWE-918 — Server-Side Request Forgery4 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 58.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Sd-wan Standard Premium Editions Citrix Sd-wan 1000 Firmware Citrix Sd-wan 1100 Firmware +13 more

Timeline

PublishedMar 12

Latest updateJul 13

Description

Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages16 packages

▶CVEListV5citrix/citrix_sd-wan_standard_premium_editions11.4 — 11.4.4.46

▶citrixcitrix/xenserver

▶NVDcitrix/sd-wan_110_firmware11.4.0 — 11.4.4.46

▶NVDcitrix/sd-wan_210_firmware11.4.0 — 11.4.4.46

▶NVDcitrix/sd-wan_400_firmware11.4.0 — 11.4.4.46

🔴Vulnerability Details

GHSA

GHSA-cq2x-934m-8p64: Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11↗2024-03-12

▶

📋Vendor Advisories

Citrix

Citrix SDWAN Security Bulletin for CVE-2024-2049↗2024-07-13

▶

Citrix

CVE-2024-2049: Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose l↗2024-03-12

▶