NetScaler SD-WAN Center 10.0.7 Remote Code Execution Vulnerability

Summary

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.

Credit:

The information has been provided by Tenable.

The original article can be found at: https://support.citrix.com/article/CTX247737


Details

A command injection vulnerability has been identified in the management console of Citrix SD-WAN Center and NetScaler SD-WAN Center. This vulnerability could allow an unauthenticated attacker with access to the management console to compromise the host.

A low-severity cross-site scripting (XSS) vulnerability has also been identified in the management console of Citrix SD-WAN Center and NetScaler SD-WAN Center. If exploited, this vulnerability could potentially be used to execute malicious client-side script in a user's browser; the script may then be able to gain access to potentially sensitive information.

Vulnerable Systems:

  • NetScaler SD-WAN Center 10.0.7
  • Citrix SD-WAN Center 10.2.1

CVE Information:

CVE-2019-10883

Disclosure Timeline:
Publish Date: 06/03/2019
