Citrix announces the release of patches for fixing a set of 11 critical flaws found in three of its networking products: Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. However, As per the Citrix sources, the vulnerabilities don’t have any trace of active exploitation, and 5 out of the 11 flaws are said to have barriers to exploitation. However, a Vulnerability Management Solution can prevent these attacks. And hence, a vulnerability management tool can assist you in these problems. Therefore, Citrix claims that the attacks are limited to two factors: Management interface and Virtual IP (VIP).
Management interface: Systems can be compromised by an unauthenticated user through Cross-Site Scripting (XSS) on the management interface. Hence, the local computer can be compromised if the created download link for the device is downloaded and then executed by an unauthenticated user on the management network. This can be prevented by auto patching of vulnerabilities.
Virtual IP (VIP): An unauthenticated user can perform a Denial of service attack against either the Gateway or Authentication virtual servers. Also, finally, attackers can recognize whether a TLS connection is possible with the remote port scanning of the internal network made by an authenticated Citrix Gateway user. But cannot communicate further with the end devices.
Mitigation factors:
- However, Customers who have configured their systems in accordance with Citrix recommendations are said to have reduced their risk from attacks on the management interface.
- Moreover, the customers who have disabled either the Gateway or Authentication virtual servers are not at risk from attacks that are, therefore, applicable to Virtual IP servers.
Citrix Security Updates Summary: CTX276688
1)CVE: CVE-2019-18177
Products: Citrix ADC, Citrix Gateway
Impact: Information disclosure
Attacker privileges: Authenticated VPN user
Pre-conditions: Requires a configured SSL VPN endpoint
2)CVE: CVE-2020-8187
Products: Citrix ADC, Citrix Gateway 12.0 and 11.1 only
Impact: Denial of service
Attacker privileges: Unauthenticated remote user
Pre-conditions: Requires a configured SSL VPN or AAA endpoint
3)CVE: CVE-2020-8190
Products: Citrix ADC and then Citrix Gateway
Impact: Local elevation of privileges
Attacker privileges: Authenticated user on the NSIP
Pre-conditions: This issue cannot be exploited directly. An attacker must first obtain nobody privileges using another exploit
4)CVE: CVE-2020-8191
Products: Citrix ADC, Citrix Gateway and then Citrix SDWAN WAN-OP
Impact: Reflected Cross-Site Scripting (XSS)
Attacker privileges: Unauthenticated remote user
Pre-conditions: Requires a victim who must open an attacker-controlled link in the browser whilst being on a network with connectivity to the NSIP
5)CVE: CVE-2020-8193
Products: Citrix ADC, Citrix Gateway and then Citrix SDWAN WAN-OP
Impact: Authorization bypass
Attacker privileges: Unauthenticated user with access to the NSIP
Pre-conditions: Attacker must be able to access the NSIP
6)CVE: CVE-2020-8194
Products: Citrix ADC, Citrix Gateway and then Citrix SDWAN WAN-OP
Impact: Code Injection
Attacker privileges: Unauthenticated remote user
Pre-conditions: Requires a victim who must download and execute a malicious binary from the NSIP
7)CVE: CVE-2020-8195
Products: Citrix ADC, Citrix Gateway and then Citrix SDWAN WAN-OP
Impact: Information disclosure
Attacker privileges: Authenticated user on the NSIP
Pre-conditions: None
8)CVE: CVE-2020-8196
Products: Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
Impact: Information disclosure
Attacker privileges: Authenticated user on the NSIP
Pre-conditions: None
9)CVE: CVE-2020-8197
Products: Citrix ADC, Citrix Gateway
Impact: Elevation of privileges
Attacker privileges: Authenticated user on the NSIP
Pre-conditions: None
10)CVE: CVE-2020-8198
Products: Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
Impact: Stored Cross-Site Scripting (XSS)
Attacker privileges: Unauthenticated remote user
Pre-conditions: None
11)CVE: CVE-2020-8199
Products: Citrix Gateway Plug-in for Linux
Impact: Local elevation of privileges
Attacker privileges: Local user on the Linux computer running Citrix Gateway Plug-in
Pre-conditions: A pre-installed version of Citrix Gateway Plug-in for Linux must be running
Solution
The following versions of Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP patch the vulnerabilities:
- Citrix ADC and Citrix Gateway 13.0-58.30 and later releases
- Citrix ADC and NetScaler Gateway 12.1-57.18 and later 12.1 releases
- Citrix ADC and NetScaler Gateway 12.0-63.21 and later 12.0 releases
- Citrix ADC and NetScaler Gateway 11.1-64.14 and later 11.1 releases
- NetScaler ADC and NetScaler Gateway 10.5-70.18 and later 10.5 releases
- Citrix SD-WAN WANOP 11.1.1a and later releases
- Citrix SD-WAN WANOP 11.0.3d and later 11.0 releases
- Citrix SD-WAN WANOP 10.2.7 and later 10.2 releases
- Citrix Gateway Plug-in for Linux 1.0.0.137 and later versions
Therefore, we recommend installing the necessary security updates for their Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP appliances as soon as possible to hence, stay protected.