CVE-2024-2049

MEDIUM

Citrix SD-WAN Standard/Premium Editions 11.4.0-11.4.4.46 - Server-Side Request Forgery via Management IP Access

Title source: llm

Description

Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker with access to the management IP to disclose limited information from the appliance.

Scores

CVSS v3 6.5
EPSS 0.0019
EPSS Percentile 41.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-918
Status published
Products (12)
citrix/sd-wan_1000_firmware 11.4.0 - 11.4.4.46 (2 CPE variants)
citrix/sd-wan_1100_firmware 11.4.0 - 11.4.4.46 (2 CPE variants)
citrix/sd-wan_110_firmware 11.4.0 - 11.4.4.46
citrix/sd-wan_2000_firmware 11.4.0 - 11.4.4.46 (2 CPE variants)
citrix/sd-wan_2100_firmware 11.4.0 - 11.4.4.46 (2 CPE variants)
citrix/sd-wan_210_firmware 11.4.0 - 11.4.4.46
citrix/sd-wan_4000_firmware 11.4.0 - 11.4.4.46
citrix/sd-wan_400_firmware 11.4.0 - 11.4.4.46
citrix/sd-wan_4100_firmware 11.4.0 - 11.4.4.46
citrix/sd-wan_410_firmware 11.4.0 - 11.4.4.46
... and 2 more
Published Mar 12, 2024
Tracked Since Feb 18, 2026