Citrix SD-WAN Vulnerability Allows Limited Information Disclosure
CVE-2024-2049

6.5MEDIUM

Key Information:

Vendor: Citrix
Status: Citrix Sd-wan Standard/premium Editions
Vendor: CVE Published:; 12 March 2024

What is CVE-2024-2049?

Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.

Affected Version(s)

Citrix SD-WAN Standard/Premium Editions 11.4 < 11.4.4.46

References

https://support.citrix.com/article/CTX617071/citrix-sdwan...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Mar 1, 2024