CVE-2024-2049 – Server-Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2024-2049
Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP. Server-Side Request Forgery (SSRF) en las ediciones Citrix SD-WAN Standard/Premium posteriores a 11.4.0 y anteriores a 11.4.4.46 permite a un atacante revelar información limitada del dispositivo a través del acceso a la IP de administración. • https://support.citrix.com/article/CTX617071/citrix-sdwan-security-bulletin-for-cve20242049 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-20717 – Cisco SD-WAN vEdge Routers Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20717
A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition. Una vulnerabilidad en el proceso NETCONF de los routers Cisco SD-WAN vEdge podría permitir a un atacante local autenticado causar a un dispositivo afectado quedarse sin memoria, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vedge-dos-jerVm4bB • CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •
CVE-2022-27505
https://notcve.org/view.php?id=CVE-2022-27505
Reflected cross site scripting (XSS) Una vulnerabilidad de tipo cross site scripting (XSS) Reflejado • https://support.citrix.com/article/CTX370550 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-27506
https://notcve.org/view.php?id=CVE-2022-27506
Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI Unas credenciales embebidas permiten a administradores acceder al shell por medio de la CLI de SD-WAN • https://support.citrix.com/article/CTX370550 • CWE-798: Use of Hard-coded Credentials •
CVE-2021-22956
https://notcve.org/view.php?id=CVE-2021-22956
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. Se presenta una vulnerabilidad de consumo no controlado de recursos en Citrix ADC versiones anteriores a 13.0-83.27, versiones anteriores a 12.1-63.22 y 11.1-65.23 que podría permitir a un atacante con acceso a NSIP o SNIP con acceso a la interfaz de administración causar una interrupción temporal de la GUI de administración, la API Nitro y la comunicación RPC • https://support.citrix.com/article/CTX330728 • CWE-400: Uncontrolled Resource Consumption •