Citrix SD-WAN Center - Remote Command Injection (CVE-2019-12988)

Citrix SD-WAN Center is susceptible to remote command injection via the addModifyZTDProxy function in NmsController. The function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ztd_password, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.

Citrix SD-WAN Center 存在远程命令注入漏洞，该漏洞可通过 NmsController 中的 addModifyZTDProxy 函数触发。该函数未能充分验证或净化用于构建壳命令的 HTTP 请求参数值。攻击者可通过将流量路由至 Collector 控制器并供应精心构造的 ztd_password 值，从而可能获取敏感信息、修改数据或执行未授权操作。