Citrix Security Updates for Critical vulnerabilities in Citrix ADC, Gateway and SD-WAN

Jul 7, 2020 | By Ashwitha Kallalike | 4 min read

Citrix has announced the release of patches that fix a set of 11 critical flaws found in three of its networking products: Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. According to Citrix, there is no trace of active exploitation of the vulnerabilities, and 5 of the 11 flaws are said to have barriers to exploitation. A vulnerability management solution can help prevent these attacks. Citrix states that the attacks are limited to two factors: the management interface and the Virtual IP (VIP).

Management interface: Systems can be compromised by an unauthenticated user through Cross-Site Scripting (XSS) on the management interface. In addition, a download link can be created for the device which, if downloaded and then executed by an unauthenticated user on the management network, can compromise that user's local computer. This can be prevented by auto-patching of vulnerabilities.

Virtual IP (VIP): An unauthenticated user can perform a denial-of-service attack against either the Gateway or Authentication virtual servers. In addition, an authenticated Citrix Gateway user can remotely port-scan the internal network, but can only recognize whether a TLS connection is possible with a port and cannot communicate further with the end devices.

Mitigation factors:

  • Customers who have configured their systems in accordance with Citrix recommendations are said to have reduced their risk from attacks on the management interface.
  • Customers who have disabled either the Gateway or Authentication virtual servers are not at risk from the attacks that apply to Virtual IP servers.

Citrix Security Updates Summary: CTX276688

1) CVE-2019-18177
  • Products: Citrix ADC, Citrix Gateway
  • Impact: Information disclosure
  • Attacker privileges: Authenticated VPN user
  • Pre-conditions: Requires a configured SSL VPN endpoint

2) CVE-2020-8187
  • Products: Citrix ADC, Citrix Gateway 12.0 and 11.1 only
  • Impact: Denial of service
  • Attacker privileges: Unauthenticated remote user
  • Pre-conditions: Requires a configured SSL VPN or AAA endpoint

3) CVE-2020-8190
  • Products: Citrix ADC, Citrix Gateway
  • Impact: Local elevation of privileges
  • Attacker privileges: Authenticated user on the NSIP
  • Pre-conditions: This issue cannot be exploited directly. An attacker must first obtain nobody privileges using another exploit

4) CVE-2020-8191
  • Products: Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
  • Impact: Reflected Cross-Site Scripting (XSS)
  • Attacker privileges: Unauthenticated remote user
  • Pre-conditions: Requires a victim who must open an attacker-controlled link in the browser whilst being on a network with connectivity to the NSIP

5) CVE-2020-8193
  • Products: Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
  • Impact: Authorization bypass
  • Attacker privileges: Unauthenticated user with access to the NSIP
  • Pre-conditions: Attacker must be able to access the NSIP

6) CVE-2020-8194
  • Products: Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
  • Impact: Code injection
  • Attacker privileges: Unauthenticated remote user
  • Pre-conditions: Requires a victim who must download and execute a malicious binary from the NSIP

7) CVE-2020-8195
  • Products: Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
  • Impact: Information disclosure
  • Attacker privileges: Authenticated user on the NSIP
  • Pre-conditions: None

8) CVE-2020-8196
  • Products: Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
  • Impact: Information disclosure
  • Attacker privileges: Authenticated user on the NSIP
  • Pre-conditions: None

9) CVE-2020-8197
  • Products: Citrix ADC, Citrix Gateway
  • Impact: Elevation of privileges
  • Attacker privileges: Authenticated user on the NSIP
  • Pre-conditions: None

10) CVE-2020-8198
  • Products: Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP
  • Impact: Stored Cross-Site Scripting (XSS)
  • Attacker privileges: Unauthenticated remote user
  • Pre-conditions: None

11) CVE-2020-8199
  • Products: Citrix Gateway Plug-in for Linux
  • Impact: Local elevation of privileges
  • Attacker privileges: Local user on the Linux computer running Citrix Gateway Plug-in
  • Pre-conditions: A pre-installed version of Citrix Gateway Plug-in for Linux must be running

Solution

The following versions of Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP patch the vulnerabilities:

  • Citrix ADC and Citrix Gateway 13.0-58.30 and later releases
  • Citrix ADC and NetScaler Gateway 12.1-57.18 and later 12.1 releases
  • Citrix ADC and NetScaler Gateway 12.0-63.21 and later 12.0 releases
  • Citrix ADC and NetScaler Gateway 11.1-64.14 and later 11.1 releases
  • NetScaler ADC and NetScaler Gateway 10.5-70.18 and later 10.5 releases
  • Citrix SD-WAN WANOP 11.1.1a and later releases
  • Citrix SD-WAN WANOP 11.0.3d and later 11.0 releases
  • Citrix SD-WAN WANOP 10.2.7 and later 10.2 releases
  • Citrix Gateway Plug-in for Linux 1.0.0.137 and later versions

We therefore recommend installing the necessary security updates on Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP appliances as soon as possible to stay protected.
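To audit a fleet against the fixed ADC and Gateway builds listed under Solution, the check below compares each appliance's build with the minimum for its own release branch. It is an added example, not code from Citrix or from the original article; the hostnames, the inventory and the "NS12.1: Build 55.18.nc" input shape are assumptions made for illustration.

```python
import re

# Minimum fixed build per release branch, from the advisory's list above.
FIXED = {(13, 0): (58, 30), (12, 1): (57, 18), (12, 0): (63, 21),
         (11, 1): (64, 14), (10, 5): (70, 18)}

# Matches "13.0-58.30" (notation used above) and, as an assumption about
# appliance output, strings shaped like "NS12.1: Build 55.18.nc".
VERSION_RE = re.compile(r"(\d+)\.(\d+)\D+?(\d+)\.(\d+)")


def parse_build(text):
    """Return ((major, minor), (build, sub)), or None if nothing parses."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, build, sub = map(int, m.groups())
    return (major, minor), (build, sub)


def check(text):
    """Classify a version string as 'patched', 'vulnerable' or 'unknown'."""
    parsed = parse_build(text)
    if parsed is None:
        return "unknown"
    branch, build = parsed
    fixed = FIXED.get(branch)
    if fixed is None:
        # Branch not listed: releases after 13.0 carry the fixes ("and later
        # releases"); older unlisted branches need manual review.
        return "patched" if branch > (13, 0) else "unknown"
    # Integer tuples, so 63.4 sorts below 63.21 (string compare would not).
    return "patched" if build >= fixed else "vulnerable"


# Constructed inventory: hostnames and builds are made up for this example.
INVENTORY = {
    "adc-edge-01": "13.0-58.30",
    "adc-edge-02": "NetScaler NS12.1: Build 55.18.nc",
    "gw-dmz-01": "11.1-64.14",
    "gw-lab-01": "12.0-63.4",
    "old-ns-01": "10.1-130.10",
}

if __name__ == "__main__":
    for host, version in INVENTORY.items():
        print(f"{host:12} {version:34} {check(version)}")
```

An "unknown" result means the branch is not named in the list above and the appliance should be reviewed by hand rather than assumed safe.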
