GradeZero Music Band

Sunday, May 12, 2019

On CVE-2019-11550


Citrix SD-WAN Security Update (CTX247735)

An information disclosure vulnerability has been identified in the Citrix SD-WAN Appliance. This  vulnerability could allow an unauthenticated attacker to perform a man-in-the-middle attack against management traffic.




CVE-2019-11550 – Information Disclosure in Citrix SD-WAN Appliance 10.2.x before 10.2.2 and NetScaler SD-WAN Appliance 10.0.x before 10.0.7.


How it works?
Slides 44-45.

ftp://ftp.ccc.de/congress/2018/slides-pdf/35c3-9446-sd-wan_a_new_hop.pdf



Affected Versions:

• All versions of NetScaler SD-WAN 9.x *

• All versions of NetScaler SD-WAN 10.0.x earlier than 10.0.7

• All versions of Citrix SD-WAN 10.1.x *

• All versions of Citrix SD-WAN 10.2.x earlier than 10.2.2

*  Upgrade to 10.0.7 or 10.2.2 for security update

Kudos

Sergey Gordeychik, Denis Kolegov, and Nikita Oleksov of SD-WAN New Hop(e) team

Enjoy

No comments:

Post a Comment