Vulnerabilities > Citrix > SD WAN

DATE CVE VULNERABILITY TITLE RISK
2021-12-07 CVE-2021-22956 Resource Exhaustion vulnerability in Citrix products
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
network
low complexity
citrix CWE-400
7.5
2020-11-16 CVE-2020-8273 OS Command Injection vulnerability in Citrix Sd-Wan
Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.
network
low complexity
citrix CWE-78
8.8
2020-11-16 CVE-2020-8272 Improper Authentication vulnerability in Citrix Sd-Wan
Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
network
low complexity
citrix CWE-287
7.5
2020-11-16 CVE-2020-8271 Path Traversal vulnerability in Citrix Sd-Wan
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
network
low complexity
citrix CWE-22
critical
9.8
2019-07-16 CVE-2019-12992 OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).
network
low complexity
citrix CWE-78
8.8
2019-07-16 CVE-2019-12991 OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
network
low complexity
citrix CWE-78
8.8
2019-07-16 CVE-2019-12990 Path Traversal vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.
network
low complexity
citrix CWE-22
critical
9.8
2019-07-16 CVE-2019-12989 SQL Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
network
low complexity
citrix CWE-89
critical
9.8
2019-07-16 CVE-2019-12988 OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).
network
low complexity
citrix CWE-78
critical
9.8
2019-07-16 CVE-2019-12987 OS Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).
network
low complexity
citrix CWE-78
critical
9.8