Citrix SD-WAN Security Bulletin for CVE-2022-27505 and CVE-2022-27506


Article ID: CTX370550


Description

Vulnerabilities have been discovered in multiple Citrix SD-WAN products. These vulnerabilities, if exploited, could result in the following security issues:

CVE-2022-27505
  Description: Reflected cross site scripting (XSS)
  CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  Affected Products: Citrix SD-WAN Standard/Premium Edition Appliance
  Pre-conditions: Victim user must have a current session on the vulnerable device.

CVE-2022-27506
  Description: Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI
  CWE: CWE-798: Use of Hard-coded Credentials
  Affected Products: Citrix SD-WAN Center Management Console, Citrix SD-WAN Standard/Premium Edition Appliance, and Citrix SD-WAN Orchestrator for On-Premises
  Pre-conditions: Admin access to SD-WAN CLI

The following supported versions of Citrix SD-WAN are affected by the vulnerabilities:

  • CVE-2022-27505 – High Severity
    Citrix SD-WAN Standard/Premium Edition Appliance versions before 11.4.3a

  • CVE-2022-27506 – Low Severity
    Citrix SD-WAN Center Management Console versions before 11.4.3
    Citrix SD-WAN Standard/Premium Edition Appliance versions before 11.4.1
    Citrix SD-WAN Orchestrator for On-Premises versions before 13.2.1


Mitigating Factors

  • CVE-2022-27506: This issue is only exposed to administrators with access to the SD-WAN CLI.


Instructions

  • CVE-2022-27505:
    Citrix recommends that affected customers upgrade to a fixed version as soon as possible. This issue has been addressed in the following supported Citrix SD-WAN versions:
    Citrix SD-WAN Standard/Premium Edition Appliance versions 11.4.3a and above

  • CVE-2022-27506:
    Citrix recommends that affected customers upgrade to a fixed version as their patching schedule allows. This issue has been addressed in the following supported Citrix SD-WAN versions:
    Citrix SD-WAN Center Management Console versions 11.4.3 and above
    Citrix SD-WAN Standard/Premium Edition Appliance versions 11.4.1 and above
    Citrix SD-WAN Orchestrator for On-Premises versions 13.2.1 and above
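For a fleet check against the affected and fixed versions listed in this bulletin, the following Python script is an added example written for this page, not Citrix code or tooling. It parses Citrix-style version strings, including the lettered suffix in 11.4.3a, and reports which of the two CVEs apply to each product/version pair. The only assumption beyond the bulletin's own version numbers is that a lettered suffix sorts after the same version without one (11.4.3a is newer than 11.4.3), which is what the bulletin's "before 11.4.3a" / "11.4.3a and above" wording implies. The sample inventory at the bottom is constructed, not real device data.

```python
import re

# Fixed versions per CVE and product, copied from the bulletin above.
# Any version that sorts below the fixed version is affected.
FIXED_VERSIONS = {
    "CVE-2022-27505": {
        "Citrix SD-WAN Standard/Premium Edition Appliance": "11.4.3a",
    },
    "CVE-2022-27506": {
        "Citrix SD-WAN Center Management Console": "11.4.3",
        "Citrix SD-WAN Standard/Premium Edition Appliance": "11.4.1",
        "Citrix SD-WAN Orchestrator for On-Premises": "13.2.1",
    },
}

# Dotted numeric components followed by an optional single lowercase letter.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)$")


def parse_version(text):
    """Split '11.4.3a' into ((11, 4, 3), 'a') so versions compare numerically.

    Assumption (from the bulletin's wording): the trailing letter is a hotfix
    suffix, so 11.4.3a is newer than 11.4.3. An empty suffix sorts first.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    return numbers, m.group(2)


def version_lt(a, b):
    """True if version string a is older than version string b."""
    num_a, suf_a = parse_version(a)
    num_b, suf_b = parse_version(b)
    # Pad the shorter tuple with zeros so 11.4 compares equal to 11.4.0.
    width = max(len(num_a), len(num_b))
    num_a += (0,) * (width - len(num_a))
    num_b += (0,) * (width - len(num_b))
    # Tuples compare element by element; '' < 'a' handles the suffix rule.
    return (num_a, suf_a) < (num_b, suf_b)


def affected_cves(product, version):
    """Return the bulletin CVEs that affect this product at this version."""
    hits = []
    for cve, products in FIXED_VERSIONS.items():
        fixed = products.get(product)
        if fixed is not None and version_lt(version, fixed):
            hits.append(cve)
    return hits


def check_inventory(inventory):
    """Annotate each (product, version) pair with its applicable CVEs."""
    return [(product, version, affected_cves(product, version))
            for product, version in inventory]


# Constructed sample inventory for demonstration; not real devices.
SAMPLE_INVENTORY = [
    ("Citrix SD-WAN Standard/Premium Edition Appliance", "11.4.0"),
    ("Citrix SD-WAN Standard/Premium Edition Appliance", "11.4.3"),
    ("Citrix SD-WAN Standard/Premium Edition Appliance", "11.4.3a"),
    ("Citrix SD-WAN Center Management Console", "11.4.2"),
    ("Citrix SD-WAN Orchestrator for On-Premises", "13.2.1"),
]

if __name__ == "__main__":
    for product, version, cves in check_inventory(SAMPLE_INVENTORY):
        status = ", ".join(cves) if cves else "not affected by this bulletin"
        print(f"{product} {version}: {status}")
```

Note that a plain string comparison would get the 11.4.3 versus 11.4.3a case wrong in one direction and 11.4.10 versus 11.4.3 wrong in the other, which is why the script parses the components first.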


Acknowledgements

Citrix thanks Mattias Dewulf of Spinae for working with us to protect Citrix customers.

Additional Information

Date        Change
2022-04-12  Initial Publication