Vulnerability in Citirx Citrix Sd-wan
CVE-2022-27506
Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI
EPSS: 0.006 (45.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 2.7 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Citirx Citrix Sd-wan — versions unspecified, Citrix SD-WAN Orchestrator for On-Premises versions 13.2.1
- Citrix Sd-wan_1000
- Citrix Sd-wan_1000_firmware
- Citrix Sd-wan_110
- Citrix Sd-wan_1100
- Citrix Sd-wan_1100_firmware
- Citrix Sd-wan_110_firmware
- Citrix Sd-wan_2000
- Citrix Sd-wan_2000_firmware
- Citrix Sd-wan_210
Weakness classification (CWE)
References
- secure@citrix.com (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2022-27506?
- CVE-2022-27506 is a low-severity vulnerability in Citirx Citrix Sd-wan, classified under Use of Hard-coded Credentials. CVSS score: 2.7/10. Published 2022-04-13.
- How severe is CVE-2022-27506?
- Low severity. CVSS v3 base score is 2.7 out of 10.