lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 23 Oct 2018 08:58:00 +0400
From: SCADA StrangeLove <scadastrangelove@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Vulnerabilities in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN
 9.3.x before 9.3.6 and 10.0.x before 10.0.4

Multiple vulnerabilities have been identified in the management
interface of Citrix NetScaler SD-WAN physical appliances and virtual
appliances. Collectively these vulnerabilities could allow an
unauthenticated attacker with access to the management interface to
compromise the host.

http://www.scada.sl/2018/10/citrix-netscaler-sd-wan-bugsfixes.html

CVE-2018-17444 - Directory traversal in Citrix SD-WAN 10.1.0 and
NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVE-2018-17445 - Command Injection in Citrix SD-WAN 10.1.0 and
NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVE-2018-17446 - SQL Injection in in Citrix SD-WAN 10.1.0 and
NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVE-2018-17447 - Information exposure through log files in Citrix
SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x
before 10.0.4.
CVE-2018-17448 - Incorrect Access Controls in Citrix SD-WAN 10.1.0 and
NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVE-2012-2104 - Munin Remote Command Injection Vulnerability.
CVE-2016-4793 - The clientIp function in CakePHP 3.2.4 and earlier
allows remote attackers to spoof their IP via the CLIENT-IP HTTP
header.

Citrix NetScaler SD-WAN WAN Optimization Edition is not affected.

Credits

Denis Kolegov, Nikita Oleksov, Nikolay Tkachenko, Oleg Broslavsky,
Sergey Gordeychik

Kudos

Citrix Security Response Team

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists