Citrix fixes 11 flaws in ADC, Gateway, and SD-WAN WANOP appliances



Citrix today patched a set of 11 vulnerabilities found to affect its Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP (appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO) networking products.

According to Citrix, these vulnerabilities are not related to the CVE-2019-19781 remote code execution flaw the company patched in January 2020 and do not affect cloud versions of Citrix appliances.

The patches released today by Citrix fully resolve all the security issues, and customers are urged to apply them as soon as possible to defend against potential attacks designed to exploit them.

Citrix is not aware of any active exploitation of these issues in the wild and says that 5 of the 11 security vulnerabilities also have barriers preventing exploitation.

“There are barriers to many of these attacks; in particular, for customers where there is no untrustworthy traffic on the management network, the remaining risk reduces to a denial-of-service attack,” Citrix’s CISO Fermin J. Serna explains.

“And in that case, only when Gateway or authentication virtual servers are being used. Other virtual servers, for example, load balancing and content switching virtual servers, are not affected by the issue.”

Even though the barriers lower the risk of exploitation, Citrix strongly recommends that customers apply the patches as quickly as possible.

Denial of service, privilege escalation, and code injection

A security advisory with detailed information on these vulnerabilities and links to all the firmware updates is available on the Citrix website.

A list of all vulnerabilities fixed by Citrix in ADC, Gateway, and SD-WAN WANOP appliances can be found in the table embedded below, together with CVE IDs, the affected products, and pre-conditions needed for exploitation.

| CVE ID | Vulnerability Type | Affected Products | Attacker Privileges | Pre-conditions |
| --- | --- | --- | --- | --- |
| CVE-2019-18177 | Information disclosure | Citrix ADC, Citrix Gateway | Authenticated VPN user | Requires a configured SSL VPN endpoint |
| CVE-2020-8187 | Denial of service | Citrix ADC, Citrix Gateway 12.0 and 11.1 only | Unauthenticated remote user | Requires a configured SSL VPN or AAA endpoint |
| CVE-2020-8190 | Local elevation of privileges | Citrix ADC, Citrix Gateway | Authenticated user on the NSIP | This issue cannot be exploited directly. An attacker must first obtain nobody privileges using another exploit |
| CVE-2020-8191 | Reflected Cross Site Scripting (XSS) | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Unauthenticated remote user | Requires a victim who must open an attacker-controlled link in the browser while being on a network with connectivity to the NSIP |
| CVE-2020-8193 | Authorization bypass | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Unauthenticated user with access to the NSIP | Attacker must be able to access the NSIP |
| CVE-2020-8194 | Code Injection | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Unauthenticated remote user | Requires a victim who must download and execute a malicious binary from the NSIP |
| CVE-2020-8195 | Information disclosure | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Authenticated user on the NSIP | |
| CVE-2020-8196 | Information disclosure | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Authenticated user on the NSIP | |
| CVE-2020-8197 | Elevation of privileges | Citrix ADC, Citrix Gateway | Authenticated user on the NSIP | |
| CVE-2020-8198 | Stored Cross Site Scripting (XSS) | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Unauthenticated remote user | Requires a victim who must be logged in as an administrator (nsroot) on the NSIP |
| CVE-2020-8199 | Local elevation of privileges | Citrix Gateway Plug-in for Linux | Local user on the Linux computer running Citrix Gateway Plug-in | A pre-installed version of Citrix Gateway Plug-in for Linux must be running |

The following versions of Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP remediate the vulnerabilities: 

  • Citrix ADC and Citrix Gateway 13.0-58.30 and later releases
  • Citrix ADC and NetScaler Gateway 12.1-57.18 and later 12.1 releases
  • Citrix ADC and NetScaler Gateway 12.0-63.21 and later 12.0 releases
  • Citrix ADC and NetScaler Gateway 11.1-64.14 and later 11.1 releases
  • NetScaler ADC and NetScaler Gateway 10.5-70.18 and later 10.5 releases
  • Citrix SD-WAN WANOP 11.1.1a and later releases
  • Citrix SD-WAN WANOP 11.0.3d and later 11.0 releases
  • Citrix SD-WAN WANOP 10.2.7 and later 10.2 releases
  • Citrix Gateway Plug-in for Linux 1.0.0.137 and later versions

Customers are advised to download and apply the latest builds for their Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP appliances as soon as possible.

If you are unable to immediately update to the latest version, you should ensure that access to the management interface is restricted using the steps detailed here.

Outcomes of successful exploitation

If successfully exploited, these vulnerabilities could lead to various security issues depending on the targeted area.

Thus, attacks that are limited to the management interface could lead to:
• System compromise by an unauthenticated user on the management network.
• System compromise through Cross Site Scripting (XSS) on the management interface.
• Creation of a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, may result in the compromise of their local computer.

“Customers who have configured their systems in accordance with Citrix recommendations in https://docs.citrix.com/en-us/citrix-adc/citrix-adc-secure-deployment/secure-deployment-guide.html have significantly reduced their risk from attacks to the management interface,” Citrix explains.

Attacks that are applicable to a Virtual IP (VIP) could result in:
• Denial of service against either the Gateway or Authentication virtual servers by an unauthenticated user (the load balancing virtual server is unaffected).
• Remote port scanning of the internal network by an authenticated Citrix Gateway user. Attackers can only discern whether a TLS connection is possible with the port and cannot communicate further with the end devices.

“Customers who have not enabled either the Gateway or Authentication virtual servers are not at risk from attacks that are applicable to those servers,” the company adds. “Other virtual servers e.g. load balancing and content switching virtual servers are not affected by these issues.”

One of the security issues patched today and found in the Citrix Gateway Plugin for Linux (tracked as CVE-2020-8199) can also be abused by local users to elevate privileges to an admin account.
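The following added example (not from Citrix or the original article) checks an appliance inventory against the fixed Citrix ADC and Citrix Gateway builds listed above and, for unpatched appliances, reports which of the two attack surfaces described in the article applies. It assumes versions are recorded in the article's `branch-build` notation; the host names, flags and inventory are constructed, and SD-WAN WANOP and the Linux plug-in are not covered.

```python
import re

# First remediated ADC/Gateway build per branch, from the list in this article.
FIXED_ADC = {(13, 0): (58, 30), (12, 1): (57, 18), (12, 0): (63, 21),
             (11, 1): (64, 14), (10, 5): (70, 18)}
_VERSION = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def patch_status(version):
    """Classify a 'branch-build' string such as '12.1-55.18'."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, b_major, b_minor = map(int, m.groups())
    branch, build = (major, minor), (b_major, b_minor)
    if branch in FIXED_ADC:
        # Tuples compare numerically, so build 57.9 sorts below 57.18.
        return "patched" if build >= FIXED_ADC[branch] else "vulnerable"
    if branch > max(FIXED_ADC):
        return "patched"  # covered by "13.0-58.30 and later releases"
    return "unlisted-branch"  # e.g. 11.0: not in the list, review by hand


def exposure(appliance):
    """Return (status, attack surfaces named in the article) for one appliance."""
    status = patch_status(appliance["version"])
    surfaces = []
    if status == "vulnerable":
        if appliance["mgmt_untrusted"]:  # untrusted traffic can reach the NSIP
            surfaces.append("management interface (NSIP)")
        if appliance["gw_or_aaa"]:  # Gateway or authentication vserver in use
            surfaces.append("Gateway/AAA virtual server (VIP)")
    return status, surfaces


# Constructed inventory; host names and flags are hypothetical.
INVENTORY = [
    {"host": "adc-edge-01", "version": "13.0-58.30", "mgmt_untrusted": False, "gw_or_aaa": True},
    {"host": "adc-dmz-02", "version": "12.1-57.9", "mgmt_untrusted": True, "gw_or_aaa": True},
    {"host": "adc-lb-03", "version": "11.1-63.15", "mgmt_untrusted": False, "gw_or_aaa": False},
    {"host": "adc-lab-04", "version": "11.0-70.12", "mgmt_untrusted": True, "gw_or_aaa": False},
]


def triage(inventory):
    return {a["host"]: exposure(a) for a in inventory}


if __name__ == "__main__":
    for host, (status, surfaces) in triage(INVENTORY).items():
        print(f"{host}: {status} {surfaces}")
```

An appliance reported as vulnerable with no surfaces listed still needs the update; the empty list only reflects the barriers Citrix describes.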


