GradeZero Music Band

Sunday, May 12, 2019

On CVE-2019-11550

Citrix SD-WAN Security Update (CTX247735)

An information disclosure vulnerability has been identified in the Citrix SD-WAN Appliance. This  vulnerability could allow an unauthenticated attacker to perform a man-in-the-middle attack against management traffic.

CVE-2019-11550 – Information Disclosure in Citrix SD-WAN Appliance 10.2.x before 10.2.2 and NetScaler SD-WAN Appliance 10.0.x before 10.0.7.

How it works?
Slides 44-45.

Affected Versions:

• All versions of NetScaler SD-WAN 9.x *

• All versions of NetScaler SD-WAN 10.0.x earlier than 10.0.7

• All versions of Citrix SD-WAN 10.1.x *

• All versions of Citrix SD-WAN 10.2.x earlier than 10.2.2

*  Upgrade to 10.0.7 or 10.2.2 for security update


Sergey Gordeychik, Denis Kolegov, and Nikita Oleksov of SD-WAN New Hop(e) team


No comments:

Post a Comment