Multiple vulnerabilities have been identified in the management console of the Citrix SD-WAN Center and NetScaler SD-WAN Center. Multiple Vulnerabilities have also been identified on the Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. Collectively, these vulnerabilities could result in an unauthenticated attacker executing commands as root against the SD-WAN Center management console, or potentially be used to gain root privileges on the SD-WAN appliance. The vulnerabilities have been assigned the following CVE numbers.

CVE-2019-12985 – Unauthenticated Command Injection in Citrix SD-WAN Center 10.2.x before 10.2.3 and NetScaler SD-WAN Center 10.0.x before 10.0.8.

CVE-2019-12986 – Unauthenticated Command Injection in Citrix SD-WAN Center 10.2.x before 10.2.3 and NetScaler SD-WAN Center 10.0.x before 10.0.8.

CVE-2019-12987 – Unauthenticated Command Injection in Citrix SD-WAN Center 10.2.x before 10.2.3…

Open on Citrix.com

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.