Vulnerability Details CVE-2019-12989
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.818
EPSS Ranking 99.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Proposed Action
Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html
- http://www.securityfocus.com/bid/109133
- https://support.citrix.com/article/CTX251987
- https://www.tenable.com/security/research/tra-2019-32
- http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html
- http://www.securityfocus.com/bid/109133
- https://support.citrix.com/article/CTX251987
- https://www.tenable.com/security/research/tra-2019-32
Products affected by CVE-2019-12989
-
cpe:2.3:a:citrix:netscaler_sd-wan:10.0.0
-
cpe:2.3:a:citrix:netscaler_sd-wan:10.0.1
-
cpe:2.3:a:citrix:netscaler_sd-wan:10.0.2
-
cpe:2.3:a:citrix:netscaler_sd-wan:10.0.3
-
cpe:2.3:a:citrix:netscaler_sd-wan:10.0.4
-
cpe:2.3:a:citrix:netscaler_sd-wan:10.0.5
-
cpe:2.3:a:citrix:netscaler_sd-wan:10.0.6
-
cpe:2.3:a:citrix:netscaler_sd-wan:10.0.7
-
cpe:2.3:a:citrix:sd-wan:10.2.0
-
cpe:2.3:a:citrix:sd-wan:10.2.1
-
cpe:2.3:a:citrix:sd-wan:10.2.2