CVE-2024-2049

Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.citrix.com/article/CTX617071/citrix-sdwan-security-bulletin-for-cve20242049	Broken Link
https://support.citrix.com/external/article?articleUrl=CTX617071-citrix-sdwan-security-bulletin-for-cve20242049&language=en_US	Vendor Advisory
https://support.citrix.com/article/CTX617071/citrix-sdwan-security-bulletin-for-cve20242049	Broken Link

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:citrix:sd-wan_1000_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_1000:-:*:*:*:standard:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:citrix:sd-wan_110_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_110:-:*:*:*:standard:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:citrix:sd-wan_1100_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_1100:-:*:*:*:standard:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:citrix:sd-wan_2000_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_2000:-:*:*:*:standard:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:citrix:sd-wan_210_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_210:-:*:*:*:standard:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:citrix:sd-wan_2100_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_2100:-:*:*:*:standard:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:citrix:sd-wan_400_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_400:-:*:*:*:standard:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:citrix:sd-wan_4000_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_4000:-:*:*:*:standard:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:citrix:sd-wan_410_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_410:-:*:*:*:standard:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:citrix:sd-wan_4100_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_4100:-:*:*:*:standard:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:citrix:sd-wan_5100_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_5100:-:*:*:*:standard:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:citrix:sd-wan_6100_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_6100:-:*:*:*:standard:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:citrix:sd-wan_1000_firmware:*:*:*:*:premium:*:*:*

cpe:2.3:h:citrix:sd-wan_1000:-:*:*:*:premium:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:citrix:sd-wan_1100_firmware:*:*:*:*:premium:*:*:*

cpe:2.3:h:citrix:sd-wan_1100:-:*:*:*:premium:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:citrix:sd-wan_2000_firmware:*:*:*:*:premium:*:*:*

cpe:2.3:h:citrix:sd-wan_2000:-:*:*:*:premium:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:citrix:sd-wan_2100_firmware:*:*:*:*:premium:*:*:*

cpe:2.3:h:citrix:sd-wan_2100:-:*:*:*:premium:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:citrix:sd-wan_6100_firmware:*:*:*:*:premium:*:*:*

cpe:2.3:h:citrix:sd-wan_6100:-:*:*:*:premium:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:citrix:sd-wan_5100_firmware:*:*:*:*:premium:*:*:*

cpe:2.3:h:citrix:sd-wan_5100:-:*:*:*:premium:*:*:*

History

No history.

Information

Published : 2024-03-12 13:15

Updated : 2025-07-25 15:36

NVD link : CVE-2024-2049

Mitre link : CVE-2024-2049

CVE.ORG link : CVE-2024-2049

JSON object : View

Products Affected

citrix

sd-wan_1100_firmware
sd-wan_110_firmware
sd-wan_4000
sd-wan_4100
sd-wan_6100
sd-wan_4100_firmware
sd-wan_110
sd-wan_2000
sd-wan_4000_firmware
sd-wan_2000_firmware
sd-wan_1100
sd-wan_400
sd-wan_1000_firmware
sd-wan_5100
sd-wan_2100
sd-wan_6100_firmware
sd-wan_210
sd-wan_410_firmware
sd-wan_1000
sd-wan_5100_firmware
sd-wan_2100_firmware
sd-wan_410
sd-wan_400_firmware
sd-wan_210_firmware

CWE

CWE-918

Server-Side Request Forgery (SSRF)

6.5 /10