Citrix Sd-Wan Wanop vulnerabilities

10 known vulnerabilities affecting citrix/sd-wan_wanop.

Total CVEs
10
CISA KEV
3
actively exploited
Public exploits
5
Exploited in wild
4
Severity breakdown
HIGH3MEDIUM7

Vulnerabilities

Page 1 of 1
CVE-2021-22919HIGHCVSS 7.5≥ 10.2, < 10.2.9.b≥ 11.2, < 11.2.3.b+2 more2021-08-05
CVE-2021-22919 [HIGH] CWE-770 CVE-2021-22919: A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gatew A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.
nvd
CVE-2020-8299MEDIUMCVSS 6.5≥ 10.2, < 10.2.9a≥ 11.1, < 11.1.2c+2 more2021-06-16
CVE-2020-8299 [MEDIUM] CWE-400 CVE-2020-8299: Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 1 Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segmen
nvd
CVE-2020-8246HIGHCVSS 7.5≥ 10.2, < 10.2.7b≥ 11.0, < 11.0.3f+2 more2020-09-18
CVE-2020-8246 [HIGH] CWE-400 CVE-2020-8246: Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 1 Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0
nvd
CVE-2020-8247HIGHCVSS 8.8≥ 10.2, < 10.2.7b≥ 11.0, < 11.0.3f+2 more2020-09-18
CVE-2020-8247 [HIGH] CWE-269 CVE-2020-8247: Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 1 Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0
nvd
CVE-2020-8198MEDIUMCVSS 6.1≥ 10.2, < 10.2.7≥ 11.0, < 11.0.3d+1 more2020-07-10
CVE-2020-8198 [MEDIUM] CWE-79 CVE-2020-8198: Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 1 Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).
nvd
CVE-2020-8195MEDIUMCVSS 6.5KEVPoC≥ 10.2, < 10.2.7≥ 11.0, < 11.0.3d+1 more2020-07-10
CVE-2020-8195 [MEDIUM] CWE-20 CVE-2020-8195: Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 1 Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
nvd
CVE-2020-8196MEDIUMCVSS 4.3KEVPoC≥ 10.2, < 10.2.7≥ 11.0, < 11.0.3d+1 more2020-07-10
CVE-2020-8196 [MEDIUM] CWE-284 CVE-2020-8196: Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12. Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
nvd
CVE-2020-8193MEDIUMCVSS 6.5KEVPoC≥ 10.2, < 10.2.7≥ 11.0, < 11.0.3d+1 more2020-07-10
CVE-2020-8193 [MEDIUM] CWE-284 CVE-2020-8193: Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12. Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
nvd
CVE-2020-8191MEDIUMCVSS 6.1ExploitedPoC≥ 10.2, < 10.2.7≥ 11.0, < 11.0.3d+1 more2020-07-10
CVE-2020-8191 [MEDIUM] CWE-79 CVE-2020-8191: Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 1 Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
nvd
CVE-2020-8194MEDIUMCVSS 6.5PoC≥ 10.2, < 10.2.7≥ 11.0, < 11.0.3d+1 more2020-07-10
CVE-2020-8194 [MEDIUM] CWE-94 CVE-2020-8194: Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12 Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
nvd