Missing SSL Certificate Validation in Citrix SD-WAN by Citrix
CVE-2020-6175

5.9MEDIUM

Key Information:

Vendor: Citrix
Status: Citrix Sd-wan Center; Netscaler Sd-wan Center
Vendor: CVE Published:; 16 March 2020

Summary

Citrix SD-WAN versions 10.2.x prior to 10.2.6 and 11.0.x prior to 11.0.3 are affected by a vulnerability that lacks sufficient SSL certificate validation. This flaw could allow an attacker to execute certain actions or intercept communication, potentially leading to unauthorized access or data breaches. It is crucial for organizations using affected versions to apply necessary updates and enhancements to their SSL certificate validation mechanisms.

References

https://support.citrix.com/search

x_refsource_MISC

https://support.citrix.com/article/CTX263526

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 16, 2020
Vulnerability Reserved
Jan 8, 2020