NetScaler SD-WAN Center 10.0.7 Remote Code Execution Vulnerability
Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.
The information has been provided by Tenable
The original article can be found at: https://support.citrix.com/article/CTX247737
A command injection vulnerability has been identified in the management console of Citrix SD-WAN Center and NetScaler SD-WAN Center. This vulnerability could allow an unauthenticated attacker with access to the management console to compromise the host. A low severity cross-site scripting (XSS) vulnerability has been identified in the management console of Citrix SD-WAN Center and NetScaler SD-WAN Center. This vulnerability if exploited by an attacker, could potentially be used to execute malicious client-side script in the browser of a user then the script may be able to gain access to potentially sensitive information.
- NetScaler SD-WAN Center 10.0.7
- Citrix SD-WAN Center 10.2.1