Citrix SD-WAN has been studied before by Chris Lyne of Tenable. The main bug presented by Tenable was an authentication bypass that used the Collector endpoint to reach diagnostics. Citrix decided to block this access by adding an access restriction in the Apache configuration at /etc/apache2/sites-enabled. Bypassing the. drop-point function after the path traversal of the. endpoint will be treated as the. name of the endpoint as a. user after the. path handler. Each. endpoint is treated a. function as a reference to a. file with user controlled content anywhere (for example, using /collector/uploaded. an arbitrary shell.