Citrix SD-WAN Vulnerability Allows Limited Information Disclosure
CVE-2024-2049
6.5MEDIUM
Key Information
- Vendor
- Citrix
- Status
- Citrix Sd-wan Standard/premium Editions
- Vendor
- CVE Published:
- 12 March 2024
Summary
Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.
Affected Version(s)
Citrix SD-WAN Standard/Premium Editions < 11.4.4.46
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database