Detections
Analytics
Citrix and NetScaler SD-WAN Center Unauthenticated Directory Traversal File Write
critical Nessus Plugin ID 132102
Language:
Synopsis
The remote host is susceptible to directory traversal with write capability by a remote, unauthenticated attacker.Description
The remote Citrix SD-WAN Center or NetScaler SD-WAN Center is susceptible to directory traversal and file writes in arbitrary locations. This is due to improper sanitization of user-supplied input in the applianceSettingsFileTransfer action of ApplianceSettingsController. An unauthenticated, remote attacker can exploit this by routing traffic through the Collector controller and supplying crafted values for 'filename', 'filedata', and 'workspace_id'. This allows writing files to locations writable by the 'www-data' user, as well as writing crafted PHP files to /home/talariuser/www/app/webroot/files/ to execute arbitrary PHP code.Solution
Upgrade to Citrix SD-WAN Center version 10.2.3 or later or NetScaler SD-WAN Center version 10.0.8 or later.See Also
Plugin Details
Severity: Critical
ID: 132102
File Name: citrix_sdwan_center_unauth_dir_traversal_write.nasl
Version: 1.4
Type: remote
Family: CGI abuses
Published: 12/18/2019
Updated: 12/19/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2019-12990
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: x-cpe:/a:citrix:sd-wan-center
Required KB Items: installed_sw/Citrix SD-WAN Center
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Patch Publication Date: 6/11/2019
Vulnerability Publication Date: 7/2/2019
Reference Information
CVE: CVE-2019-12990
BID: 109133
TRA: TRA-2019-31