Enhancement: cves/2019/CVE-2019-12987.yaml by md

cves/2019/CVE-2019-12987.yaml

@@ -1,15 +1,15 @@
 id: CVE-2019-12987
 
 info:
-  name: Citrix SD-WAN Center - Unauthenticated Remote Command Injection
+  name: Citrix SD-WAN Center - Remote Command Injection
   author: gy741
   severity: critical
   description: |
-    The apply action in StorageMgmtController is susceptible to command injection by a remote, unauthenticated attacker. Specifically, the callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying an array value with crafted values for action, host, path, or type.
+    Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying an array value with crafted values for action, host, path, or type, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2019-12987
     - https://www.tenable.com/security/research/tra-2019-31
     - https://support.citrix.com/article/CTX251987
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-12987
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -41,3 +41,5 @@ requests:
       - type: dsl
         dsl:
           - 'contains(body_1, "<title>Citrix SD-WAN</title>")'
+
+# Enhanced by md on 2023/04/12