Citrix SD-WAN Security Update (CTX247735)
An information disclosure vulnerability has been identified in the Citrix SD-WAN Appliance. This vulnerability could allow an unauthenticated attacker to perform a man-in-the-middle attack against management traffic.
CVE-2019-11550 – Information Disclosure in Citrix SD-WAN Appliance 10.2.x before 10.2.2 and NetScaler SD-WAN Appliance 10.0.x before 10.0.7.
How it works?
• All versions of NetScaler SD-WAN 9.x *
• All versions of NetScaler SD-WAN 10.0.x earlier than 10.0.7
• All versions of Citrix SD-WAN 10.1.x *
• All versions of Citrix SD-WAN 10.2.x earlier than 10.2.2
* Upgrade to 10.0.7 or 10.2.2 for security update
Sergey Gordeychik, Denis Kolegov, and Nikita Oleksov of SD-WAN New Hop(e) team