CVE-2024-2049 - Vulnerability Details

Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00167.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Citrix	Citrix Sd Wan Premium Edition Citrix Sd Wan Standard Edition Sd-wan 1000 Sd-wan 1000 Firmware Sd-wan 110 Sd-wan 1100 Sd-wan 1100 Firmware Sd-wan 110 Firmware Sd-wan 2000 Sd-wan 2000 Firmware Sd-wan 210 Sd-wan 2100 Sd-wan 2100 Firmware Sd-wan 210 Firmware Sd-wan 400 Sd-wan 4000 Sd-wan 4000 Firmware Sd-wan 400 Firmware Sd-wan 410 Sd-wan 4100 Sd-wan 4100 Firmware Sd-wan 410 Firmware Sd-wan 5100 Sd-wan 5100 Firmware Sd-wan 6100 Sd-wan 6100 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:citrix:sd-wan_1000_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_1000:-:*:*:*:standard:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:citrix:sd-wan_110_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_110:-:*:*:*:standard:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:citrix:sd-wan_1100_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_1100:-:*:*:*:standard:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:citrix:sd-wan_2000_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_2000:-:*:*:*:standard:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:citrix:sd-wan_210_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_210:-:*:*:*:standard:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:citrix:sd-wan_2100_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_2100:-:*:*:*:standard:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:citrix:sd-wan_400_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_400:-:*:*:*:standard:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:citrix:sd-wan_4000_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_4000:-:*:*:*:standard:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:citrix:sd-wan_410_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_410:-:*:*:*:standard:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:citrix:sd-wan_4100_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_4100:-:*:*:*:standard:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:citrix:sd-wan_5100_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_5100:-:*:*:*:standard:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:citrix:sd-wan_6100_firmware:*:*:*:*:standard:*:*:*

cpe:2.3:h:citrix:sd-wan_6100:-:*:*:*:standard:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:citrix:sd-wan_1000_firmware:*:*:*:*:premium:*:*:*

cpe:2.3:h:citrix:sd-wan_1000:-:*:*:*:premium:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:citrix:sd-wan_1100_firmware:*:*:*:*:premium:*:*:*

cpe:2.3:h:citrix:sd-wan_1100:-:*:*:*:premium:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:citrix:sd-wan_2000_firmware:*:*:*:*:premium:*:*:*

cpe:2.3:h:citrix:sd-wan_2000:-:*:*:*:premium:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:citrix:sd-wan_2100_firmware:*:*:*:*:premium:*:*:*

cpe:2.3:h:citrix:sd-wan_2100:-:*:*:*:premium:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:citrix:sd-wan_6100_firmware:*:*:*:*:premium:*:*:*

cpe:2.3:h:citrix:sd-wan_6100:-:*:*:*:premium:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:citrix:sd-wan_5100_firmware:*:*:*:*:premium:*:*:*

cpe:2.3:h:citrix:sd-wan_5100:-:*:*:*:premium:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-27014	Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.citrix.com/article/CTX617071/citrix-sdwan-security-bulletin-for-cve20242049
https://support.citrix.com/external/article?articleUrl=CTX617071-citrix-sdwan-security-bulletin-for-cve20242049&language=en_US

History

Fri, 25 Jul 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Citrix sd-wan 1000 Citrix sd-wan 1000 Firmware Citrix sd-wan 110 Citrix sd-wan 1100 Citrix sd-wan 1100 Firmware Citrix sd-wan 110 Firmware Citrix sd-wan 2000 Citrix sd-wan 2000 Firmware Citrix sd-wan 210 Citrix sd-wan 2100 Citrix sd-wan 2100 Firmware Citrix sd-wan 210 Firmware Citrix sd-wan 400 Citrix sd-wan 4000 Citrix sd-wan 4000 Firmware Citrix sd-wan 400 Firmware Citrix sd-wan 410 Citrix sd-wan 4100 Citrix sd-wan 4100 Firmware Citrix sd-wan 410 Firmware Citrix sd-wan 5100 Citrix sd-wan 5100 Firmware Citrix sd-wan 6100 Citrix sd-wan 6100 Firmware
CPEs		cpe:2.3:h:citrix:sd-wan_1000:-::::premium::: cpe:2.3:h:citrix:sd-wan_1000:-::::standard::: cpe:2.3:h:citrix:sd-wan_1100:-::::premium::: cpe:2.3:h:citrix:sd-wan_1100:-::::standard::: cpe:2.3:h:citrix:sd-wan_110:-::::standard::: cpe:2.3:h:citrix:sd-wan_2000:-::::premium::: cpe:2.3:h:citrix:sd-wan_2000:-::::standard::: cpe:2.3:h:citrix:sd-wan_2100:-::::premium::: cpe:2.3:h:citrix:sd-wan_2100:-::::standard::: cpe:2.3:h:citrix:sd-wan_210:-::::standard::: cpe:2.3:h:citrix:sd-wan_4000:-::::standard::: cpe:2.3:h:citrix:sd-wan_400:-::::standard::: cpe:2.3:h:citrix:sd-wan_4100:-::::standard::: cpe:2.3:h:citrix:sd-wan_410:-::::standard::: cpe:2.3:h:citrix:sd-wan_5100:-::::premium::: cpe:2.3:h:citrix:sd-wan_5100:-::::standard::: cpe:2.3:h:citrix:sd-wan_6100:-::::premium::: cpe:2.3:h:citrix:sd-wan_6100:-::::standard::: cpe:2.3:o:citrix:sd-wan_1000_firmware:::::premium:::* cpe:2.3:o:citrix:sd-wan_1000_firmware:::::standard:::* cpe:2.3:o:citrix:sd-wan_1100_firmware:::::premium:::* cpe:2.3:o:citrix:sd-wan_1100_firmware:::::standard:::* cpe:2.3:o:citrix:sd-wan_110_firmware:::::standard:::* cpe:2.3:o:citrix:sd-wan_2000_firmware:::::premium:::* cpe:2.3:o:citrix:sd-wan_2000_firmware:::::standard:::* cpe:2.3:o:citrix:sd-wan_2100_firmware:::::premium:::* cpe:2.3:o:citrix:sd-wan_2100_firmware:::::standard:::* cpe:2.3:o:citrix:sd-wan_210_firmware:::::standard:::* cpe:2.3:o:citrix:sd-wan_4000_firmware:::::standard:::* cpe:2.3:o:citrix:sd-wan_400_firmware:::::standard:::* cpe:2.3:o:citrix:sd-wan_4100_firmware:::::standard:::* cpe:2.3:o:citrix:sd-wan_410_firmware:::::standard:::* cpe:2.3:o:citrix:sd-wan_5100_firmware:::::premium:::* cpe:2.3:o:citrix:sd-wan_5100_firmware:::::standard:::* cpe:2.3:o:citrix:sd-wan_6100_firmware:::::premium:::* cpe:2.3:o:citrix:sd-wan_6100_firmware:::::standard:::*
Vendors & Products		Citrix sd-wan 1000 Citrix sd-wan 1000 Firmware Citrix sd-wan 110 Citrix sd-wan 1100 Citrix sd-wan 1100 Firmware Citrix sd-wan 110 Firmware Citrix sd-wan 2000 Citrix sd-wan 2000 Firmware Citrix sd-wan 210 Citrix sd-wan 2100 Citrix sd-wan 2100 Firmware Citrix sd-wan 210 Firmware Citrix sd-wan 400 Citrix sd-wan 4000 Citrix sd-wan 4000 Firmware Citrix sd-wan 400 Firmware Citrix sd-wan 410 Citrix sd-wan 4100 Citrix sd-wan 4100 Firmware Citrix sd-wan 410 Firmware Citrix sd-wan 5100 Citrix sd-wan 5100 Firmware Citrix sd-wan 6100 Citrix sd-wan 6100 Firmware
References		https://support.citrix.com/external/article?articleUrl=CTX617071-citrix-sdwan-security-bulletin-for-cve20242049&language=en_US

Tue, 15 Apr 2025 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Citrix Citrix citrix Sd Wan Premium Edition Citrix citrix Sd Wan Standard Edition
CPEs		cpe:2.3:a:citrix:citrix_sd_wan_premium_edition:::::::: cpe:2.3:a:citrix:citrix_sd_wan_standard_edition::::::::
Vendors & Products		Citrix Citrix citrix Sd Wan Premium Edition Citrix citrix Sd Wan Standard Edition
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Citrix

Published: 2024-03-12T12:39:45.077Z

Updated: 2025-04-15T15:26:57.364Z

Reserved: 2024-03-01T01:10:49.328Z

Link: CVE-2024-2049

Vulnrichment

Updated: 2024-08-01T19:03:37.853Z

NVD

Status : Analyzed

Published: 2024-03-12T13:15:49.807

Modified: 2025-07-25T15:36:48.663

Link: CVE-2024-2049

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object