Improper Certificate Validation in Citrix SD-WAN and NetScaler SD-WAN
CVE-2019-11550

5.9MEDIUM

Key Information:

Vendor: Citrix
Status: Sd-wan; Netscaler Sd-wan
Vendor: CVE Published:; 8 May 2019

Summary

Citrix SD-WAN and NetScaler SD-WAN are vulnerable to improper certificate validation, which could allow an attacker to conduct man-in-the-middle attacks by impersonating legitimate servers. The affected versions prior to the specified updates could fail to properly validate the authenticity of certificates, potentially leading to unauthorized access and data leaks.

References

https://support.citrix.com/v1/search?searchQuery=%22%22&l...

x_refsource_MISC

https://support.citrix.com/article/CTX247735

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 8, 2019
Vulnerability Reserved
Apr 25, 2019