The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofing, remote SQL injection, and directory traversal vulnerabilities.
b27e1af5d9f4b9be4c08566bac90e203Multiple vulnerabilities have been identified in the management
interface of Citrix NetScaler SD-WAN physical appliances and virtual
appliances. Collectively these vulnerabilities could allow an
unauthenticated attacker with access to the management interface to
compromise the host.
http://www.scada.sl/2018/10/citrix-netscaler-sd-wan-bugsfixes.html
CVE-2018-17444 - Directory traversal in Citrix SD-WAN 10.1.0 and
NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVE-2018-17445 - Command Injection in Citrix SD-WAN 10.1.0 and
NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVE-2018-17446 - SQL Injection in in Citrix SD-WAN 10.1.0 and
NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVE-2018-17447 - Information exposure through log files in Citrix
SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x
before 10.0.4.
CVE-2018-17448 - Incorrect Access Controls in Citrix SD-WAN 10.1.0 and
NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVE-2012-2104 - Munin Remote Command Injection Vulnerability.
CVE-2016-4793 - The clientIp function in CakePHP 3.2.4 and earlier
allows remote attackers to spoof their IP via the CLIENT-IP HTTP
header.
Citrix NetScaler SD-WAN WAN Optimization Edition is not affected.
Credits
Denis Kolegov, Nikita Oleksov, Nikolay Tkachenko, Oleg Broslavsky,
Sergey Gordeychik
Kudos
Citrix Security Response Team