cvebase

Citrix SD-WAN vulnerabilities

18 known vulnerabilities affecting citrix/sd-wan.

Total CVEs: 18
CISA KEV: 2 (actively exploited)
Public exploits: 7
Exploited in wild: 7
Severity breakdown: CRITICAL 10, HIGH 7, MEDIUM 1

Vulnerabilities

CVE-2019-12989 | P1 | CRITICAL | CVSS 9.8 | KEV | PoC | ≥ 10.2.0, < 10.2.3 | 2019-07-16
CWE-89: Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
nvd
CVE-2019-12991 | P1 | HIGH | CVSS 8.8 | KEV | PoC | ≥ 10.2.0, < 10.2.3 | 2019-07-16
CWE-78: Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
nvd
CVE-2019-12987 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | ≥ 10.2, < 10.2.3 | 2019-07-16
CWE-78: Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).
nvd
CVE-2019-12988 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | ≥ 10.2, < 10.2.3 | 2019-07-16
CWE-78: Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).
nvd
CVE-2019-12985 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | ≥ 10.2, < 10.2.3 | 2019-07-16
CWE-78: Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).
nvd
CVE-2019-12986 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | ≥ 10.2, < 10.2.3 | 2019-07-16
CWE-78: Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).
nvd
CVE-2019-12990 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | ≥ 10.2, < 10.2.3 | 2019-07-16
CWE-22: Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.
nvd
CVE-2020-8271 | P2 | CRITICAL | CVSS 9.8 | ≥ 10.2.0, < 10.2.8; ≥ 11.1.0, < 11.1.2b; +1 more | 2020-11-16
CWE-23: Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8.
nvd
CVE-2019-12992 | P2 | HIGH | CVSS 8.8 | ≥ 10.2, < 10.2.3 | 2019-07-16
CWE-78: Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).
nvd
CVE-2018-17445 | P2 | CRITICAL | CVSS 9.8 | v10.1.0 | 2018-10-23
CWE-77: A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
nvd
CVE-2020-8273 | P3 | HIGH | CVSS 8.8 | ≥ 10.2.0, < 10.2.8; ≥ 11.1.0, < 11.1.2b; +1 more | 2020-11-16
CWE-78: Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.
nvd
CVE-2018-17446 | P3 | CRITICAL | CVSS 9.8 | v10.1.0 | 2018-10-23
CWE-89: A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
nvd
CVE-2018-17448 | P3 | CRITICAL | CVSS 9.8 | v10.1.0 | 2018-10-23
An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
nvd
CVE-2020-8272 | P3 | HIGH | CVSS 7.5 | ≥ 10.2.0, < 10.2.8; ≥ 11.1.0, < 11.1.2b; +1 more | 2020-11-16
CWE-287: Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8.
nvd
CVE-2021-22956 | P3 | HIGH | CVSS 7.5 | fixed in 10.2.9c; ≥ 11.4.0, < 11.4.2 | 2021-12-07
CWE-400: An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
nvd
CVE-2018-17444 | P3 | HIGH | CVSS 7.5 | v10.1.0 | 2018-10-23
CWE-22: A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
nvd
CVE-2018-17447 | P3 | HIGH | CVSS 7.5 | v10.1.0 | 2018-10-23
CWE-532: An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
nvd
CVE-2019-11550 | P4 | MEDIUM | CVSS 5.9 | ≥ 10.1.0, ≤ 10.1.2; ≥ 10.2.0, < 10.2.1 | 2019-05-08
CWE-295: Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation.
nvd