A command injection vulnerability in Citrix NITRO SDK's xen_hotfix page was discovered. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise of the entire Citrix SDX appliance along with all underlying applications and data.
8363fa8786b4f33fcb611c65253aae741117e855eaa1f0692b41e980dc0efd9e