Citrix SD-WAN Appliance SQL and command injection
Added: 07/26/2019

Background
Citrix Software-defined wide-area network (SD-WAN) is a service that gives enterprises the ability to dynamically connect branch offices and data centers on a global scale.

Problem
Citrix SD-WAN 10.1.x and 10.2.x before 10.2.3 allow unauthenticated SQL injection and authenticated command injection.

Resolution
Upgrade to Citrix SD-WAN 10.2.3 or higher.

References
https://support.citrix.com/article/CTX251987

Limitations
Exploit works on Citrix SD-WAN 10.2.2.