PT-2024-2325 · Citrix · Citrix Sd-Wan Standard/Premium Editions

Published

2024-03-12

·

Updated

2024-03-12

·

CVE-2024-2049

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Citrix SD-WAN Standard/Premium Editions, versions 11.4.0 through 11.4.4.46

Description

The appliance does not sufficiently validate requests it issues on the server side (Server-Side Request Forgery, SSRF). An attacker with network access to the management IP can send a specially crafted HTTP request, without authentication (PR:N in the vector), and disclose limited information from the appliance.

Recommendations

For versions 11.4.0 through 11.4.4.46, update to a version later than 11.4.4.46. As a temporary workaround, restrict access to the management IP (for example, to trusted administrative networks only) to reduce the chance of exploitation; this narrows who can reach the flaw but does not remove it.
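The affected range above is easy to get wrong when versions have four components (11.4.4.47 is not affected, 11.4.4 is). The following is an added example, not part of the advisory or any Citrix tooling: an inventory check that flags appliances whose reported version lies within 11.4.0 through 11.4.4.46. It assumes version strings in the dotted numeric form used by the advisory, treats missing trailing components as 0, and uses a constructed sample inventory.

```python
"""Added example, not part of the original advisory or Citrix's own tooling:
flag Citrix SD-WAN Standard/Premium appliances whose reported version lies in
the affected range for CVE-2024-2049 (11.4.0 through 11.4.4.46).

Assumptions: version strings come from your own inventory in the dotted numeric
form used by the advisory (e.g. "11.4.4.46"); a version with fewer components is
compared as if the missing trailing components were 0; the inventory below is
constructed sample data.
"""
from __future__ import annotations

AFFECTED_LOW = (11, 4, 0)        # first affected version named in the advisory
AFFECTED_HIGH = (11, 4, 4, 46)   # last affected version named in the advisory


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '11.4.4.46' into (11, 4, 4, 46); refuse to guess at non-numeric input."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def _padded(v: tuple[int, ...], width: int) -> tuple[int, ...]:
    """Right-pad with zeros so tuples of different length compare component-wise."""
    return v + (0,) * (width - len(v))


def is_affected(version: str) -> bool:
    """True when AFFECTED_LOW <= version <= AFFECTED_HIGH, compared numerically
    component by component (string comparison would rank '11.4.4.5' above
    '11.4.4.46', which is why the tuple form is used)."""
    v = parse_version(version)
    width = max(len(v), len(AFFECTED_LOW), len(AFFECTED_HIGH))
    return (_padded(AFFECTED_LOW, width)
            <= _padded(v, width)
            <= _padded(AFFECTED_HIGH, width))


# Constructed sample inventory: (hostname, edition, version).
SAMPLE_INVENTORY = [
    ("sdwan-edge-01", "Standard", "11.4.4.46"),   # last affected build
    ("sdwan-edge-02", "Premium", "11.4.4.47"),    # one past the affected range
    ("sdwan-edge-03", "Premium", "11.4.0"),       # first affected build
    ("sdwan-edge-04", "Standard", "11.3.9.7"),    # outside the range the advisory states
]


def triage(inventory) -> list[str]:
    """Return hostnames of Standard/Premium appliances in the affected range."""
    return [
        host for host, edition, version in inventory
        if edition in ("Standard", "Premium") and is_affected(version)
    ]


if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: affected by CVE-2024-2049, "
              "update to a version later than 11.4.4.46")
```

The check only covers the range the advisory states; a version outside it (such as an older branch) is reported as not matching, which is not the same as the advisory asserting it is safe. Pair the version check with the workaround: verify from an untrusted network segment that the management IP is not reachable at all.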

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2024-02267
CVE-2024-2049

Affected Products

Citrix Sd-Wan Standard/Premium Editions