Vulnerability Details CVE-2019-12991
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.864
EPSS Ranking 99.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
Proposed Action
Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html
- http://www.securityfocus.com/bid/109133
- https://support.citrix.com/article/CTX251987
- https://www.tenable.com/security/research/tra-2019-32
- http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html
- http://www.securityfocus.com/bid/109133
- https://support.citrix.com/article/CTX251987
- https://www.tenable.com/security/research/tra-2019-32
Products affected by CVE-2019-12991
-
cpe:2.3:a:citrix:netscaler_sd-wan:10.0.0
-
cpe:2.3:a:citrix:netscaler_sd-wan:10.0.1
-
cpe:2.3:a:citrix:netscaler_sd-wan:10.0.2
-
cpe:2.3:a:citrix:netscaler_sd-wan:10.0.3
-
cpe:2.3:a:citrix:netscaler_sd-wan:10.0.4
-
cpe:2.3:a:citrix:netscaler_sd-wan:10.0.5
-
cpe:2.3:a:citrix:netscaler_sd-wan:10.0.6
-
cpe:2.3:a:citrix:netscaler_sd-wan:10.0.7
-
cpe:2.3:a:citrix:sd-wan:10.2.0
-
cpe:2.3:a:citrix:sd-wan:10.2.1
-
cpe:2.3:a:citrix:sd-wan:10.2.2