Netscaler SD-WAN
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6316 | | Cri | 0.85 | 9.8 | 0.73 | KEV | Jul 20, 2017 | Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID. |
| CVE-2019-12989 | | | 0.22 | — | 0.94 | KEV | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. |
| CVE-2019-12991 | | | 0.21 | — | 0.74 | KEV | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). |
| CVE-2019-12985 | | | 0.07 | — | 0.43 | | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6). |
| CVE-2019-12986 | | | 0.07 | — | 0.40 | | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6). |
| CVE-2019-12987 | | | 0.07 | — | 0.44 | | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6). |
| CVE-2019-12988 | | | 0.07 | — | 0.43 | | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6). |
| CVE-2019-12990 | | | 0.07 | — | 0.39 | | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. |
| CVE-2019-12992 | | | 0.00 | — | 0.49 | | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). |
| CVE-2019-11550 | | | 0.00 | — | 0.01 | | May 8, 2019 | Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation. |
| CVE-2018-17448 | | | 0.00 | — | 0.02 | | Oct 23, 2018 | An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. |
| CVE-2018-17447 | | | 0.00 | — | 0.02 | | Oct 23, 2018 | An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. |
| CVE-2018-17445 | | | 0.00 | — | 0.11 | | Oct 23, 2018 | A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. |
| CVE-2018-17446 | | | 0.00 | — | 0.02 | | Oct 23, 2018 | A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. |