• info
• discussion
• exploit
• solution
• references

Citrix SD-WAN Center Multiple Security Vulnerabilities

Citrix SD-WAN Center is prone to the following security vulnerabilities:

1. Multiple command-injection vulnerabilities
2. A directory-traversal vulnerability
3. An SQL-injection vulnerability

An attacker can exploit these issues to execute arbitrary commands on the affected system with root privileges, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database or access and write arbitrary files or to execute arbitrary files.

The following products of Citrix are vulnerable:

Citrix SD-WAN Center versions 10.2.x prior to10.2.3 are vulnerable.
Citrix NetScaler SD-WAN Center versions 10.0.x prior to 10.0.8 are vulnerable.