CVE-2024-2049

Published Mar 12, 2024
Last updated 8 months ago
CVSS medium 6.5
Overview

Description: Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.
Source: secure@citrix.com
NVD status: Analyzed
Products: sd-wan_1000_firmware, sd-wan_110_firmware, sd-wan_1100_firmware, sd-wan_2000_firmware, sd-wan_210_firmware, sd-wan_2100_firmware, sd-wan_400_firmware, sd-wan_4000_firmware, sd-wan_410_firmware, sd-wan_4100_firmware, sd-wan_5100_firmware, sd-wan_6100_firmware
Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM
Weaknesses

secure@citrix.com: CWE-918
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_1000_firmware:*:*:*:*:standard:*:*:*",
            "matchCriteriaId": "76CD1B07-1DD4-403E-843B-DF4DB5B351C6",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_1000:-:*:*:*:standard:*:*:*",
            "matchCriteriaId": "B5438795-5950-47DE-AD87-82A2F4D6D568",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_110_firmware:*:*:*:*:standard:*:*:*",
            "matchCriteriaId": "85D31B36-E836-4A4B-B7B2-CD8E222C44F4",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_110:-:*:*:*:standard:*:*:*",
            "matchCriteriaId": "92435A9E-6673-4A7F-8283-F37B131BC4DE",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_1100_firmware:*:*:*:*:standard:*:*:*",
            "matchCriteriaId": "64D38F42-3CB3-4B51-AB9E-75657CDE563B",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_1100:-:*:*:*:standard:*:*:*",
            "matchCriteriaId": "9E3C0E94-BCDD-4957-8D9A-2B8F5EB70574",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_2000_firmware:*:*:*:*:standard:*:*:*",
            "matchCriteriaId": "979F7E87-1C9B-460C-8171-1036BD645CCF",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_2000:-:*:*:*:standard:*:*:*",
            "matchCriteriaId": "860D6524-264F-4F88-AAA3-7C4CA0EC55B0",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_210_firmware:*:*:*:*:standard:*:*:*",
            "matchCriteriaId": "BD7E15AA-74EF-4D64-8506-BFE42E9EAD9B",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_210:-:*:*:*:standard:*:*:*",
            "matchCriteriaId": "91CB177A-8EAE-456C-B559-2088E7CF8E32",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_2100_firmware:*:*:*:*:standard:*:*:*",
            "matchCriteriaId": "DE978723-D64A-45CD-B111-F73EA1C77A31",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_2100:-:*:*:*:standard:*:*:*",
            "matchCriteriaId": "31195A4E-7EB1-4367-8AD2-A3AC253F5B78",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_400_firmware:*:*:*:*:standard:*:*:*",
            "matchCriteriaId": "44103C47-C3C3-4BFF-A3AF-6A5E3942CE38",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_400:-:*:*:*:standard:*:*:*",
            "matchCriteriaId": "BE40B2DD-CD9D-4EB7-AAC0-4B1DB58A5DD0",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_4000_firmware:*:*:*:*:standard:*:*:*",
            "matchCriteriaId": "41DC9108-6989-4E76-94DD-C45617CBEDEA",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_4000:-:*:*:*:standard:*:*:*",
            "matchCriteriaId": "A39BE60C-C539-4E5B-A483-4DBB9653470D",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_410_firmware:*:*:*:*:standard:*:*:*",
            "matchCriteriaId": "874FC81B-F21B-4A1C-84D8-31E41D11E2BA",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_410:-:*:*:*:standard:*:*:*",
            "matchCriteriaId": "AADD71C2-D011-4358-97DA-9551C73AE500",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_4100_firmware:*:*:*:*:standard:*:*:*",
            "matchCriteriaId": "ACCE06C2-66B6-4B8E-9F31-30D99C904AE6",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_4100:-:*:*:*:standard:*:*:*",
            "matchCriteriaId": "8D566367-ADB2-4B3F-A5A0-1A59CC852DCE",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_5100_firmware:*:*:*:*:standard:*:*:*",
            "matchCriteriaId": "E84EEC33-730A-4F55-BE89-264C576E9E96",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_5100:-:*:*:*:standard:*:*:*",
            "matchCriteriaId": "1A9165FB-FA3B-48CA-8F95-838D9E146E24",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_6100_firmware:*:*:*:*:standard:*:*:*",
            "matchCriteriaId": "2AFB141C-762A-4D4E-B9A8-49A7BFB10060",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_6100:-:*:*:*:standard:*:*:*",
            "matchCriteriaId": "539913FB-58FF-4C92-831D-27A1F5562C25",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_1000_firmware:*:*:*:*:premium:*:*:*",
            "matchCriteriaId": "FED84B7F-C5FD-483F-A07C-DB7647883D4F",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_1000:-:*:*:*:premium:*:*:*",
            "matchCriteriaId": "07DE6E51-078C-4071-AD06-6B95D9E5054E",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_1100_firmware:*:*:*:*:premium:*:*:*",
            "matchCriteriaId": "B9467588-F79F-4195-A2B3-D365F7B9A90D",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_1100:-:*:*:*:premium:*:*:*",
            "matchCriteriaId": "A4C21748-F802-4274-BCB1-23F3F8013A87",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_2000_firmware:*:*:*:*:premium:*:*:*",
            "matchCriteriaId": "43BB6BAB-6E52-4F94-BC03-DED3D3B8BF2A",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_2000:-:*:*:*:premium:*:*:*",
            "matchCriteriaId": "6439B964-A8B9-455B-9724-7CB76806EED6",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_2100_firmware:*:*:*:*:premium:*:*:*",
            "matchCriteriaId": "499A3152-C623-4DFD-B989-C473C9A9B306",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_2100:-:*:*:*:premium:*:*:*",
            "matchCriteriaId": "69C163C7-65FF-4C39-BF65-5555CD1269E1",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_6100_firmware:*:*:*:*:premium:*:*:*",
            "matchCriteriaId": "AB1CF36A-0751-4CB9-A1ED-CC63472123E0",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_6100:-:*:*:*:premium:*:*:*",
            "matchCriteriaId": "E3FEEA2C-572C-42E7-98A3-731D2BA6CDB2",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:sd-wan_5100_firmware:*:*:*:*:premium:*:*:*",
            "matchCriteriaId": "8233AB68-1082-4E2D-B4D1-DFF31100BB6B",
            "versionEndExcluding": "11.4.4.46",
            "versionStartIncluding": "11.4.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:sd-wan_5100:-:*:*:*:premium:*:*:*",
            "matchCriteriaId": "853E002B-4534-48E6-8FCE-C01B1255366A",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
References

Sources include official advisories and independent security research.
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
