CVE-2022-27506 - OpenCVE

Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:C/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Citrix	Sd-wan 4100 Firmware Sd-wan 6100 Firmware Sd-wan 6100 Sd-wan 2100 Sd-wan 2000 Sd-wan 4000 Firmware Sd-wan 210 Sd-wan 210 Firmware Sd-wan 1100 Firmware Sd-wan 4000 Sd-wan 110 Sd-wan 110 Firmware Sd-wan 1100 Sd-wan 410 Firmware Sd-wan Center Management Console Sd-wan 5100 Firmware Sd-wan 5100 Sd-wan 410 Sd-wan 400 Firmware Sd-wan 2000 Firmware Sd-wan 400 Sd-wan 1000 Sd-wan 1000 Firmware Sd-wan 4100 Sd-wan Orchestrator Sd-wan 2100 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:citrix:sd-wan_110_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_110:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:citrix:sd-wan_210_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_210:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:citrix:sd-wan_400_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_400:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:citrix:sd-wan_410_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_410:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:o:citrix:sd-wan_1000_firmware:::::premium:::*
	cpe:2.3:o:citrix:sd-wan_1000_firmware:::::standard:::*

cpe:2.3:h:citrix:sd-wan_1000:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

OR	cpe:2.3:o:citrix:sd-wan_2000_firmware:::::premium:::*
	cpe:2.3:o:citrix:sd-wan_2000_firmware:::::standard:::*

cpe:2.3:h:citrix:sd-wan_2000:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

OR	cpe:2.3:o:citrix:sd-wan_2100_firmware:::::premium:::*
	cpe:2.3:o:citrix:sd-wan_2100_firmware:::::standard:::*

cpe:2.3:h:citrix:sd-wan_2100:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:citrix:sd-wan_4000_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_4000:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:citrix:sd-wan_4100_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_4100:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

OR	cpe:2.3:o:citrix:sd-wan_5100_firmware:::::premium:::*
	cpe:2.3:o:citrix:sd-wan_5100_firmware:::::standard:::*

cpe:2.3:h:citrix:sd-wan_5100:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

OR	cpe:2.3:o:citrix:sd-wan_6100_firmware:::::premium:::*
	cpe:2.3:o:citrix:sd-wan_6100_firmware:::::standard:::*

cpe:2.3:h:citrix:sd-wan_6100:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

OR	cpe:2.3:o:citrix:sd-wan_1100_firmware:::::premium:::*
	cpe:2.3:o:citrix:sd-wan_1100_firmware:::::standard:::*

cpe:2.3:h:citrix:sd-wan_1100:-:*:*:*:*:*:*:*

Configuration 13 [-]

OR	cpe:2.3:a:citrix:sd-wan_center_management_console::::::::
	cpe:2.3:a:citrix:sd-wan_orchestrator:::::on-premises:::*

References

Link	Resource
https://support.citrix.com/article/CTX370550	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Citrix

Published: 2022-04-12T00:00:00

Updated: 2022-04-13T17:06:04

Reserved: 2022-03-21T00:00:00

Link: CVE-2022-27506

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-13T18:15:14.527

Modified: 2022-04-23T02:13:56.627

Link: CVE-2022-27506

JSON object: View

Redhat Information

No data.

CWE

CWE-798