Citrix has announced the release of patches for a set of 11 critical flaws found in three of its networking products: Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. According to Citrix, there is no trace of active exploitation of the vulnerabilities, and 5 of the 11 flaws are said to have barriers to exploitation. Citrix states that the attacks are limited to two attack surfaces: the management interface and the Virtual IP (VIP).

Management interface: An unauthenticated user can compromise systems through Cross-Site Scripting (XSS) on the management interface. Also, a download link created for the device can lead to compromise of the local computer if an unauthenticated user on the management network downloads and then executes it.

Virtual IP (VIP): An unauthenticated user can perform a denial-of-service attack against either the Gateway or Authentication virtual servers. Also, an authenticated Citrix Gateway user can remotely port-scan the internal network and learn whether a TLS connection to a port is possible, but cannot communicate further with the end devices.


Mitigation factors:

  • Customers who have configured their systems in accordance with Citrix recommendations are said to have reduced their risk from attacks to the management interface.
  • Customers who have disabled either the Gateway or Authentication virtual servers are not at risk from attacks that are applicable to Virtual IP servers.

Citrix Security Bulletin Summary: CTX276688

CVE: CVE-2019-18177
Products: Citrix ADC, Citrix Gateway
Impact: Information disclosure
Attacker privileges: Authenticated VPN user
Pre-conditions: Requires a configured SSL VPN endpoint


CVE: CVE-2020-8187
Products: Citrix ADC, Citrix Gateway 12.0 and 11.1 only
Impact: Denial of service
Attacker privileges: Unauthenticated remote user
Pre-conditions: Requires a configured SSL VPN or AAA endpoint


CVE: CVE-2020-8190
Products: Citrix ADC, Citrix Gateway
Impact: Local elevation of privileges
Attacker privileges: Authenticated user on the NSIP
Pre-conditions: This issue cannot be exploited directly. An attacker must first obtain nobody privileges using another exploit


CVE: CVE-2020-8191
Products: Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
Impact: Reflected Cross-Site Scripting (XSS)
Attacker privileges: Unauthenticated remote user
Pre-conditions: Requires a victim who must open an attacker-controlled link in the browser whilst being on a network with connectivity to the NSIP


CVE: CVE-2020-8193
Products: Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
Impact: Authorization bypass
Attacker privileges: Unauthenticated user with access to the NSIP
Pre-conditions: Attacker must be able to access the NSIP


CVE: CVE-2020-8194
Products: Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
Impact: Code Injection
Attacker privileges: Unauthenticated remote user
Pre-conditions: Requires a victim who must download and execute a malicious binary from the NSIP


CVE: CVE-2020-8195
Products: Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
Impact: Information disclosure
Attacker privileges: Authenticated user on the NSIP
Pre-conditions: None


CVE: CVE-2020-8196
Products: Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
Impact: Information disclosure
Attacker privileges: Authenticated user on the NSIP
Pre-conditions: None


CVE: CVE-2020-8197
Products: Citrix ADC, Citrix Gateway
Impact: Elevation of privileges
Attacker privileges: Authenticated user on the NSIP
Pre-conditions: None


CVE: CVE-2020-8198
Products: Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
Impact: Stored Cross-Site Scripting (XSS)
Attacker privileges: Unauthenticated remote user
Pre-conditions: None


CVE: CVE-2020-8199
Products: Citrix Gateway Plug-in for Linux
Impact: Local elevation of privileges
Attacker privileges: Local user on the Linux computer running Citrix Gateway Plug-in
Pre-conditions: A pre-installed version of Citrix Gateway Plug-in for Linux must be running


Solution

The following versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP patch the vulnerabilities:

  • Citrix ADC and Citrix Gateway 13.0-58.30 and later releases
  • Citrix ADC and NetScaler Gateway 12.1-57.18 and later 12.1 releases
  • Citrix ADC and NetScaler Gateway 12.0-63.21 and later 12.0 releases
  • Citrix ADC and NetScaler Gateway 11.1-64.14 and later 11.1 releases
  • NetScaler ADC and NetScaler Gateway 10.5-70.18 and later 10.5 releases
  • Citrix SD-WAN WANOP 11.1.1a and later releases
  • Citrix SD-WAN WANOP 11.0.3d and later 11.0 releases
  • Citrix SD-WAN WANOP 10.2.7 and later 10.2 releases
  • Citrix Gateway Plug-in for Linux 1.0.0.137 and later versions

We recommend installing the necessary security updates for your Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP appliances as soon as possible to stay protected.
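To check an inventory against the fixed builds listed above, the following added example (not code from Citrix or SecPod) classifies Citrix ADC and Gateway version strings per release branch. It does not cover SD-WAN WANOP or the Linux plug-in; the `NS13.0: Build 58.30.nc` banner style, the host names and the sample versions are assumptions constructed for illustration.

```python
import re

# Minimum fixed build per release branch, copied from the Solution list above.
FIXED_BUILDS = {
    (13, 0): (58, 30),
    (12, 1): (57, 18),
    (12, 0): (63, 21),
    (11, 1): (64, 14),
    (10, 5): (70, 18),
}
# "13.0-58.30 and later releases" has no branch limit, so newer branches count as fixed.
NEWEST_BRANCH = max(FIXED_BUILDS)

# Accepts the page's "13.0-58.30" notation and an assumed banner "NS13.0: Build 58.30.nc".
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)")

def parse_build(text):
    """Return ((major, minor), (build, sub)) or raise ValueError."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no ADC/Gateway build string in {text!r}")
    major, minor, build, sub = map(int, match.groups())
    return (major, minor), (build, sub)

def patch_status(text):
    """Classify one version string as patched, vulnerable or unlisted-branch."""
    branch, build = parse_build(text)
    if branch > NEWEST_BRANCH:
        return "patched"
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        # No fixed build is listed for this branch (e.g. 11.0): moving branches is required.
        return "unlisted-branch"
    return "patched" if build >= fixed else "vulnerable"

def audit(inventory):
    return {host: patch_status(version) for host, version in inventory.items()}

# Constructed inventory: host names and version strings are made up for this example.
SAMPLE_INVENTORY = {
    "adc-dmz-01": "NetScaler NS13.0: Build 47.24.nc",
    "adc-dmz-02": "13.0-58.30",
    "gw-branch-01": "NS12.1: Build 57.18.nc",
    "gw-legacy-01": "11.0-70.12",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unlisted-branch` run a release line for which the list gives no fixed build, so they need an upgrade to a listed branch, not just a newer build.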

Article Name: Citrix Patches Critical vulnerabilities in Multiple Products
Publisher Name: SecPod Technologies
