CVE-2018-17445: Command Injection
First published: Tue Oct 23 2018(Updated: )
A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix NetScaler SD-WAN | >=9.3.0<=9.3.6 | |
| Citrix NetScaler SD-WAN | >=10.0.0<=10.0.4 | |
| Citrix SD-WAN | =10.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-17445?
The severity of CVE-2018-17445 is critical, with a severity value of 9.8.
Which software versions are affected by CVE-2018-17445?
Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4 are affected by CVE-2018-17445.
What is the CWE category of CVE-2018-17445?
The CWE category of CVE-2018-17445 is CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')).
How can I fix the Command Injection issue in Citrix SD-WAN and NetScaler SD-WAN?
To fix the Command Injection issue in Citrix SD-WAN and NetScaler SD-WAN, it is recommended to update to version 9.3.6 or later for NetScaler SD-WAN and version 10.0.4 or later for Citrix SD-WAN.
Where can I find more information about CVE-2018-17445?
More information about CVE-2018-17445 can be found at the following references: http://www.securityfocus.com/bid/105711, https://support.citrix.com/article/CTX236992.
- collector/nvd-index
- vendor/citrix
- canonical/citrix netscaler sd-wan
- version/citrix netscaler sd-wan/9.3.0
- version/citrix netscaler sd-wan/9.3.6
- version/citrix netscaler sd-wan/10.0.0
- version/citrix netscaler sd-wan/10.0.4
- canonical/citrix sd-wan
- version/citrix sd-wan/10.1.0