Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
NetScaler SD-WAN creates a reliable WAN from diverse network links, including MPLS, broadband, and wireless, continuously measuring and monitoring each link for loss, latency, jitter and congestion. With CloudBridge virtual WAN, users can convert otherwise idle backup links to active ones.
A vulnerability exists due to insufficient sanitization of data via cookies in the management interface of Citrix NetScaler SD-WAN and Citrix CloudBridge Virtual WAN Edition.
Affected versions:
All versions of Citrix SD-WAN 9.x Enterprise and Standard Edition earlier than version 9.2.1-1001
All versions of Citrix CloudBridge 8.x Virtual WAN Edition
QID Detection Logic (unauthenticated):
The QID checks for vulnerable versions of Citrix NetScaler SD-WAN and CloudBridge Virtual WAN by sending a crafted POST request to the "/cgi-bin/login.cgi?redirect=/" page.
Impact
Successful exploitation could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system.
Solution