A vulnerability has been identified in the management interface of the Citrix NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition appliances. This vulnerability, if exploited, could allow an attacker with access to the management interface of the appliance’s NetScaler ADC instance to gain administrative access to the instance.
This vulnerability has been assigned the following CVE number:
- CVE-2017-14602: Authentication Bypass Vulnerability in Citrix NetScaler ADC and NetScaler Gateway Management Interface
This vulnerability affects the following combinations of Citrix NetScaler SD-WAN/CloudBridge hardware and software:
- Citrix NetScaler SD-WAN 4000, 4100, 5000 and 5100 WAN Optimization Edition appliances, when running software versions 9.0.x, 9.1.x, 9.2 earlier than 220.127.116.112 or software version 9.3 earlier than 18.104.22.1680.
- Citrix NetScaler SD-WAN/CloudBridge 4000 and 5000 WAN Optimization Edition appliances, when running software version 7 earlier than 22.214.171.1242.