Citrix NetScaler SD-WAN vulnerabilities
16 known vulnerabilities affecting citrix/netscaler_sd-wan.
Total CVEs: 16
CISA KEV: 3 (actively exploited)
Public exploits: 8
Exploited in wild: 3
Severity breakdown: CRITICAL 10, HIGH 5, MEDIUM 1
Vulnerabilities
CVE-2019-12987 | CRITICAL | CVSS 9.8 | CWE-78 | PoC | ≥ 10.0, < 10.0.8 | 2019-07-16
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).
nvd
CVE-2019-12986 | CRITICAL | CVSS 9.8 | CWE-78 | PoC | ≥ 10.0, < 10.0.8 | 2019-07-16
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).
nvd
CVE-2019-12990 | CRITICAL | CVSS 9.8 | CWE-22 | PoC | ≥ 10.0, < 10.0.8 | 2019-07-16
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.
nvd
CVE-2019-12988 | CRITICAL | CVSS 9.8 | CWE-78 | PoC | ≥ 10.0, < 10.0.8 | 2019-07-16
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).
nvd
CVE-2019-12985 | CRITICAL | CVSS 9.8 | CWE-78 | PoC | ≥ 10.0, < 10.0.8 | 2019-07-16
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).
nvd
CVE-2019-12989 | CRITICAL | CVSS 9.8 | CWE-89 | KEV | PoC | ≥ 10.0.0, < 10.0.8 | 2019-07-16
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
nvd
CVE-2019-12992 | HIGH | CVSS 8.8 | CWE-78 | ≥ 10.0, < 10.0.8 | 2019-07-16
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).
nvd
CVE-2019-12991 | HIGH | CVSS 8.8 | CWE-78 | KEV | PoC | ≥ 10.0.0, < 10.0.8 | 2019-07-16
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
nvd
CVE-2019-11550 | MEDIUM | CVSS 5.9 | CWE-295 | ≥ 9.0.0, ≤ 9.3.6; ≥ 10.0.0, < 10.0.7 | 2019-05-08
Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation.
nvd
CVE-2018-17446 | CRITICAL | CVSS 9.8 | CWE-89 | ≥ 9.3.0, ≤ 9.3.6; ≥ 10.0.0, ≤ 10.0.4 | 2018-10-23
A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
nvd
CVE-2018-17448 | CRITICAL | CVSS 9.8 | ≥ 9.3.0, ≤ 9.3.6; ≥ 10.0.0, ≤ 10.0.4 | 2018-10-23
An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
nvd
CVE-2018-17445 | CRITICAL | CVSS 9.8 | CWE-77 | ≥ 9.3.0, ≤ 9.3.6; ≥ 10.0.0, ≤ 10.0.4 | 2018-10-23
A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
nvd
CVE-2018-17444 | HIGH | CVSS 7.5 | CWE-22 | ≥ 9.3.0, ≤ 9.3.6; ≥ 10.0.0, ≤ 10.0.4 | 2018-10-23
A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
nvd
CVE-2018-17447 | HIGH | CVSS 7.5 | CWE-532 | ≥ 9.3.0, < 9.3.6; ≥ 10.0.0, < 10.0.4 | 2018-10-23
An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
nvd
CVE-2018-5314 | HIGH | CVSS 7.5 | CWE-287 | v9.3.0 | 2018-03-01
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command o
nvd
CVE-2017-6316 | CRITICAL | CVSS 9.8 | KEV | PoC | ≤ 9.1.2.26.561201 | 2017-07-20
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
nvd