Sunday, May 12, 2019

On CVE-2019-11550


Citrix SD-WAN Security Update (CTX247735)

An information disclosure vulnerability has been identified in the Citrix SD-WAN Appliance. This vulnerability could allow an unauthenticated attacker to perform a man-in-the-middle attack against management traffic.




CVE-2019-11550 – Information Disclosure in Citrix SD-WAN Appliance 10.2.x before 10.2.2 and NetScaler SD-WAN Appliance 10.0.x before 10.0.7.


How does it work?
Slides 44-45.

ftp://ftp.ccc.de/congress/2018/slides-pdf/35c3-9446-sd-wan_a_new_hop.pdf



Affected Versions:

• All versions of NetScaler SD-WAN 9.x *

• All versions of NetScaler SD-WAN 10.0.x earlier than 10.0.7

• All versions of Citrix SD-WAN 10.1.x *

• All versions of Citrix SD-WAN 10.2.x earlier than 10.2.2

* Upgrade to 10.0.7 or 10.2.2 for security update

Kudos

Sergey Gordeychik, Denis Kolegov, and Nikita Oleksov of SD-WAN New Hop(e) team

Enjoy
