Remote Code Execution Vulnerability in Citrix SD-WAN Center
CVE-2020-8271

9.8CRITICAL

Key Information:

Vendor
Citrix
Vendor
CVE Published:
16 November 2020

Summary

This vulnerability allows unauthorized users to execute arbitrary code with root privileges on the Citrix SD-WAN Center. Systems running versions earlier than 11.2.2, 11.1.2b, and 10.2.8 are particularly at risk. Attackers can exploit this flaw, leading to potential compromises of system integrity and security, highlighting the need for timely updates and stronger access controls.

Affected Version(s)

Citrix SD-WAN Center Fixed in 11.2.2, 11.1.2b and 10.2.8

References

EPSS Score

39% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.