CVE-2022-27506

nvd nist

Published: Apr 13, 2022Modified: Nov 21, 2024

2.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.2 / Impact: 1.4

Source: NVD

Description

Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI

Affected (20)

Products: Citrix: Sd Wan 110 Firmware, Sd Wan 210 Firmware, Sd Wan 400 Firmware, Sd Wan 410 Firmware, Sd Wan 1000 Firmware, Sd Wan 2000 Firmware, Sd Wan 2100 Firmware, Sd Wan 4000 Firmware, Sd Wan 4100 Firmware, Sd Wan 5100 Firmware, Sd Wan 6100 Firmware, Sd Wan 1100 Firmware, Sd Wan Center Management Console, Sd Wan Orchestrator

14 products

Sd Wan Center Management Console

Sd Wan Orchestrator

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 110 Firmware	Before 11.4.1

Running on/with	Platform Versions
Citrix Sd Wan 110	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 210 Firmware	Before 11.4.1

Running on/with	Platform Versions
Citrix Sd Wan 210	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 400 Firmware	Before 11.4.1

Running on/with	Platform Versions
Citrix Sd Wan 400	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 410 Firmware	Before 11.4.1

Running on/with	Platform Versions
Citrix Sd Wan 410	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 1000 Firmware	Before 11.4.1
Citrix Sd Wan 1000 Firmware	Before 11.4.1

Running on/with	Platform Versions
Citrix Sd Wan 1000	All versions

Configuration F

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 2000 Firmware	Before 11.4.1
Citrix Sd Wan 2000 Firmware	Before 11.4.1

Running on/with	Platform Versions
Citrix Sd Wan 2000	All versions

Configuration G

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 2100 Firmware	Before 11.4.1
Citrix Sd Wan 2100 Firmware	Before 11.4.1

Running on/with	Platform Versions
Citrix Sd Wan 2100	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 4000 Firmware	Before 11.4.1

Running on/with	Platform Versions
Citrix Sd Wan 4000	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 4100 Firmware	Before 11.4.1

Running on/with	Platform Versions
Citrix Sd Wan 4100	All versions

Configuration J

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 5100 Firmware	Before 11.4.1
Citrix Sd Wan 5100 Firmware	Before 11.4.1

Running on/with	Platform Versions
Citrix Sd Wan 5100	All versions

Configuration K

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 6100 Firmware	Before 11.4.1
Citrix Sd Wan 6100 Firmware	Before 11.4.1

Running on/with	Platform Versions
Citrix Sd Wan 6100	All versions

Configuration L

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Sd Wan 1100 Firmware	Before 11.4.1
Citrix Sd Wan 1100 Firmware	Before 11.4.1

Running on/with	Platform Versions
Citrix Sd Wan 1100	All versions

Configuration M

2 vulnerable

Vulnerable Software	Affected Versions
Citrix Sd Wan Center Management Console	Before 11.4.3
Citrix Sd Wan Orchestrator	Before 13.2.1

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://support.citrix.com/article/CTX370550

Source: secure@citrix.com

Vendor Advisory

https://support.citrix.com/article/CTX370550

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.