Multiple vulnerabilities have been identified in the management interface of Citrix NetScaler SD-WAN physical appliances and virtual appliances. Collectively these vulnerabilities could allow an unauthenticated attacker with access to the management interface to compromise the host. http://www.scada.sl/2018/10/citrix-netscaler-sd-wan-bugsfixes.html CVE-2018-17444 - Directory traversal in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. CVE-2018-17445 - Command Injection in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. CVE-2018-17446 - SQL Injection in in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. CVE-2018-17447 - Information exposure through log files in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. CVE-2018-17448 - Incorrect Access Controls in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. CVE-2012-2104 - Munin Remote Command Injection Vulnerability. CVE-2016-4793 - The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header. Citrix NetScaler SD-WAN WAN Optimization Edition is not affected. Credits Denis Kolegov, Nikita Oleksov, Nikolay Tkachenko, Oleg Broslavsky, Sergey Gordeychik Kudos Citrix Security Response Team