Back to CVE Browser

CVE-2019-12991

Known Exploited (CISA KEV)HIGH

8.8

CVSS Severity Score

EPSS Score66.3570%

EPSS Percentile88.31th

PublishedJul 16, 2019

Last ModifiedNov 6, 2025

Vulnerability Description

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).

Affected Platforms (CPE)

📦

Citrix

Netscaler Sd Wan

>= 10.0.0 and < 10.0.8

📦

Citrix

Sd Wan

>= 10.2.0 and < 10.2.3

References & Advisories

🔗 http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html

🔗 http://www.securityfocus.com/bid/109133

🔗 https://support.citrix.com/article/CTX251987

🔗 https://www.tenable.com/security/research/tra-2019-32

🔗 http://packetstormsecurity.com/files/153638/Citrix-SD-WAN-Appliance-10.2.2-Authentication-Bypass-Remote-Command-Execution.html

🔗 http://www.securityfocus.com/bid/109133

🔗 https://support.citrix.com/article/CTX251987

🔗 https://www.tenable.com/security/research/tra-2019-32

Related Vulnerabilities

CVE-2019-108839.8

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.

CVE-2019-129859.8

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).

CVE-2019-129869.8

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).

CVE-2019-129879.8

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).