CVE-2019-12991

HIGH KEV

Citrix SD-WAN 10.2.0-10.2.2 and NetScaler SD-WAN 10.0.0-10.0.7 - OS Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2019-12991 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 25, 2022. EIP tracks 1 public exploit from researchers including Chris Lyne.

AI-analyzed exploit summary This exploit chains CVE-2019-12989 (SQL injection for auth bypass) and CVE-2019-12991 (command injection) to achieve unauthenticated remote code execution on Citrix SD-WAN appliances. It writes a token file via SQLi and uses it to bypass authentication, then triggers a reverse shell via command injection.

Description

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).

Exploits (1)

exploitdb WORKING POC VERIFIED
by Chris Lyne · pythonwebappscgi
https://www.exploit-db.com/exploits/47112

This exploit chains CVE-2019-12989 (SQL injection for auth bypass) and CVE-2019-12991 (command injection) to achieve unauthenticated remote code execution on Citrix SD-WAN appliances. It writes a token file via SQLi and uses it to bypass authentication, then triggers a reverse shell via command injection.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Citrix SD-WAN Appliance 10.2.2
No auth needed
Prerequisites: Network access to the target · Netcat listener for reverse shell
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2019-32
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/109133
Vendor Advisory x_refsource_misc
https://support.citrix.com/article/CTX251987

Scores

CVSS v3 8.8
EPSS 0.7451
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-03-25
VulnCheck KEV 2020-12-01
InTheWild.io 2019-12-13
ENISA EUVD EUVD-2019-4566
CWE
CWE-78
Status published
Products (2)
citrix/netscaler_sd-wan 10.0.0 - 10.0.8
citrix/sd-wan 10.2.0 - 10.2.3
Published Jul 16, 2019
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026