109133

https://support.citrix.com/article/CTX251987

https://www.tenable.com/security/research/tra-2019-31

The remote Citrix SD-WAN Center or NetScaler SD-WAN Center is affected by a remote command injection vulnerability due to improper sanitization of user-supplied input in the addModifyZTDProxy action of NmsController. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to execute arbitrary commands on the remote host with root privileges.

Note that Nessus can perform an additional check for this vulnerability. To do so, re-run the scan with the setting 'Perform thorough tests (may disrupt your network or impact scan speed)' enabled.

CVE-2019-12988

HIGH

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

critical