CVSS: 9.0EPSS: 1%CPEs: 12EXPL: 0CVE-2019-1650 – Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability
https://notcve.org/view.php?id=CVE-2019-1650
24 Jan 2019 — A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of a... • http://www.securityfocus.com/bid/106716 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 4%CPEs: 3EXPL: 0CVE-2018-17444 – Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection
https://notcve.org/view.php?id=CVE-2018-17444
23 Oct 2018 — A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Se ha descubierto un problema de salto de directorio en Citrix SD-WAN 10.1.0 y NetScaler SD-WAN en versiones 9.3.x anteriores a la 9.3.6 y versiones 10.0.x anteriores a la 10.0.4. The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofing, remote SQL ... • http://www.securityfocus.com/bid/105711 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 0CVE-2018-17445 – Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection
https://notcve.org/view.php?id=CVE-2018-17445
23 Oct 2018 — A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Se ha descubierto un problema de inyección de comandos en Citrix SD-WAN 10.1.0 y NetScaler SD-WAN en versiones 9.3.x anteriores a la 9.3.6 y versiones 10.0.x anteriores a la 10.0.4. The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofing, remote SQL ... • http://www.securityfocus.com/bid/105711 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17446 – Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection
https://notcve.org/view.php?id=CVE-2018-17446
23 Oct 2018 — A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Se ha descubierto un problema de inyección SQL en Citrix SD-WAN 10.1.0 y NetScaler SD-WAN en versiones 9.3.x anteriores a la 9.3.6 y versiones 10.0.x anteriores a la 10.0.4. The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofing, remote SQL injection, a... • http://www.securityfocus.com/bid/105711 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17447 – Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection
https://notcve.org/view.php?id=CVE-2018-17447
23 Oct 2018 — An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Se ha descubierto un problema de exposición de información mediante archivos de registro en Citrix SD-WAN 10.1.0 y NetScaler SD-WAN en versiones 9.3.x anteriores a la 9.3.6 y versiones 10.0.x anteriores a la 10.0.4. The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information expo... • http://www.securityfocus.com/bid/105711 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17448 – Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection
https://notcve.org/view.php?id=CVE-2018-17448
23 Oct 2018 — An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Se ha descubierto un problema de control de acceso incorrecto en Citrix SD-WAN 10.1.0 y NetScaler SD-WAN en versiones 9.3.x anteriores a la 9.3.6 y versiones 10.0.x anteriores a la 10.0.4. The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofi... • http://www.securityfocus.com/bid/105711 •