Multiple Vulnerabilities in Citrix SD-WAN Contains Hard-Coded Credentials

Multiple vulnerabilities have been discovered in Citrix SD-WAN. Citrix SD-WAN is a software defined Wide Area Network (WAN) which can allow for easier management of multiple networks. The most severe of these vulnerabilities contains hard-coded credentials. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

There are currently no reports of these vulnerabilities being exploited in the wild.

Multiple vulnerabilities have been discovered in Citrix SD-WAN. The most severe of these vulnerabilities could allow for arbitrary JavaScript code execution. Details of the vulnerabilities are as follows:

• Reflected cross site scripting (XSS) could allow for arbitrary JavaScript code execution. (CVE-2022-27505)
• Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI. (CVE-2022-27506)
  Successful exploitation of the most severe of these vulnerabilities contains hard-coded credentials. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

We recommend the following actions be taken:

• Apply appropriate updates provided by Citrix to vulnerable systems, immediately after appropriate testing.
• Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
• Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
• Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from un-trusted sources.
• Apply the Principle of Least Privilege to all systems and services.