Citrix issued new security patches for as many as 11 security flaws that affect its networking products
Citrix issued new security patches for as many as 11 security flaws that affect its networking products: Citrix Application Delivery Controller (ADC), Citrix Gateway, and SD-WAN WAN Optimization edition (WANOP).
The vulnerabilities are not related to CVE-2019-19781, and the company is not aware of any active exploitation so far.
The Citrix products (formerly known as NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively. According to a December assessment from Positive Technologies, around 80,000 companies in 158 countries.
Out of 11 vulnerabilities, there are six possible attack routes; five of those have barriers to prevent exploitation. Three of the six possible attacks in CTX276688 happen in the management interface of a vulnerable device. Two of the remaining three possible attacks would require a malicious actor to gain access to a target device and conduct an attack.
Other flaws confirmed Tuesday also affect Citrix SD-WAN WANOP appliances, models 4000-WO, 4100-WO, 5000-WO and 5100-WO.
Threat actors could also mount attacks on Virtual IPs (VIPs). VIPs, among other things, are used to provide users with a unique IP address for communicating with network resources for applications that do not allow multiple connections or users from the same IP address.
The VIP attacks comprise denial of service against either the Gateway or Authentication virtual servers by an unauthenticated user; or remote port scanning of the internal network by an authenticated Citrix Gateway user.
“There are barriers to many of these attacks; in particular, for customers where there is no untrustworthy traffic on the management network, the remaining risk reduces to a denial-of-service attack. And in that case, only when Gateway or authentication virtual servers are being used. Other virtual servers, for example, load balancing and content switching virtual servers, are not affected by the issue,” reported Citrix Blogs.
A final vulnerability was found in Citrix Gateway Plug-in for Linux that would allow a locally logged-on user of a Linux system with that plug-in installed to elevate their privileges to an administrator account on that computer, the company said.
The full list of vulnerabilities patched by Citrix is given in the table below:
| CVE ID | Vulnerability Type | Affected Products | Attacker Privileges | Pre-conditions |
| --- | --- | --- | --- | --- |
| CVE-2019-18177 | Information disclosure | Citrix ADC, Citrix Gateway | Authenticated VPN user | Requires a configured SSL VPN endpoint |
| CVE-2020-8187 | Denial of service | Citrix ADC, Citrix Gateway 12.0 and 11.1 only | Unauthenticated remote user | Requires a configured SSL VPN or AAA endpoint |
| CVE-2020-8190 | Local elevation of privileges | Citrix ADC, Citrix Gateway | Authenticated user on the NSIP | This issue cannot be exploited directly. An attacker must first obtain nobody privileges using another exploit |
| CVE-2020-8191 | Reflected Cross Site Scripting (XSS) | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Unauthenticated remote user | Requires a victim who must open an attacker-controlled link in the browser while being on a network with connectivity to the NSIP |
| CVE-2020-8193 | Authorization bypass | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Unauthenticated user with access to the NSIP | Attacker must be able to access the NSIP |
| CVE-2020-8194 | Code Injection | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Unauthenticated remote user | Requires a victim who must download and execute a malicious binary from the NSIP |
| CVE-2020-8195 | Information disclosure | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Authenticated user on the NSIP | – |
| CVE-2020-8196 | Information disclosure | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Authenticated user on the NSIP | – |
| CVE-2020-8197 | Elevation of privileges | Citrix ADC, Citrix Gateway | Authenticated user on the NSIP | – |
| CVE-2020-8198 | Stored Cross Site Scripting (XSS) | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP | Unauthenticated remote user | Requires a victim who must be logged in as an administrator (nsroot) on the NSIP |
| CVE-2020-8199 | Local elevation of privileges | Citrix Gateway Plug-in for Linux | Local user on the Linux computer running Citrix Gateway Plug-in | A pre-installed version of Citrix Gateway Plug-in for Linux must be running |
Citrix released updates for all supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP and customers need to install these updates immediately.