9
CVE-2019-12991
- EPSS 86.75%
- Published 16.07.2019 18:15:13
- Last modified 14.03.2025 17:50:38
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
Data is provided by the National Vulnerability Database (NVD)
Citrix ≫ Netscaler Sd-wan Version >= 10.0.0 < 10.0.8
25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Citrix SD-WAN and NetScaler Command Injection Vulnerability
VulnerabilityAuthenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 86.75% | 0.994 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.