CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17447 – Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection
https://notcve.org/view.php?id=CVE-2018-17447
23 Oct 2018 — An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Se ha descubierto un problema de exposición de información mediante archivos de registro en Citrix SD-WAN 10.1.0 y NetScaler SD-WAN en versiones 9.3.x anteriores a la 9.3.6 y versiones 10.0.x anteriores a la 10.0.4. The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information expo... • http://www.securityfocus.com/bid/105711 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17448 – Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection
https://notcve.org/view.php?id=CVE-2018-17448
23 Oct 2018 — An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Se ha descubierto un problema de control de acceso incorrecto en Citrix SD-WAN 10.1.0 y NetScaler SD-WAN en versiones 9.3.x anteriores a la 9.3.6 y versiones 10.0.x anteriores a la 10.0.4. The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofi... • http://www.securityfocus.com/bid/105711 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15387 – Cisco SD-WAN Solution Certificate Validation Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2018-15387
05 Oct 2018 — A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image. Una vulnerabilidad en Cisco SD-WAN Solution podría permitir que u... • http://www.securityfocus.com/bid/105509 • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •