| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 suffers from a command injection vulnerability. This vulnerability can be exploited by a remote, authenticated attacker to execute OS commands with root privileges. Specifically, the 'installfile' parameter value is not validated prior to using it in a call to the Perl system() function. |
