Citrix Multiple High-Risk Vulnerabilities Threat Alert

Citrix Multiple High-Risk Vulnerabilities Threat Alert

July 21, 2020 | Adeline Zhang

Vulnerability Description

Recently, NSFOCUS detected that Citrix had released a security bulletin on the remediation of 11 vulnerabilities in Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP. Details are as follows:

CVE IDVulnerability TypeAffected ProductsAttacker PrivilegesPre-conditions
CVE-2019-18177Information disclosureCitrix ADC, Citrix GatewayAuthenticated VPN userRequires a configured SSL VPN endpoint
CVE-2020-8187Denial of serviceCitrix ADC, Citrix Gateway 12.0 and 11.1 onlyUnauthenticated remote userRequires a configured SSL VPN or AAA endpoint
CVE-2020-8190Local elevation of privilegesCitrix ADC, Citrix GatewayAuthenticated user on the NSIPThis issue cannot be exploited directly. An attacker must first obtain nobody privileges using another exploit.
CVE-2020-8191Reflected cross-site scripting (XSS)Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OPUnauthenticated remote userRequires a victim who must open an attacker-controlled link in the browser whilst being on a network with connectivity to the NSIP
CVE-2020-8193Authorization bypassCitrix ADC, Citrix Gateway, Citrix SDWAN WAN-OPUnauthenticated user with access to the NSIPAttacker must be able to access the NSIP.
CVE-2020-8194Code injectionCitrix ADC, Citrix Gateway, Citrix SDWAN WAN-OPUnauthenticated remote userRequires a victim who must download and execute a malicious binary from the NSIP
CVE-2020-8195Information disclosureCitrix ADC, Citrix Gateway, Citrix SDWAN WAN-OPAuthenticated user on the NSIP
CVE-2020-8196Information disclosureCitrix ADC, Citrix Gateway, Citrix SDWAN WAN-OPAuthenticated user on the NSIP
CVE-2020-8197Elevation of privilegesCitrix ADC, Citrix GatewayAuthenticated user on the NSIP
CVE-2020-8198Stored cross-site scripting (XSS)Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OPUnauthenticated remote userRequires a victim who must be logged in as an administrator (nsroot) on the NSIP
CVE-2020-8199Local elevation of privilegesCitrix Gateway Plug-in for LinuxLocal user on the Linux computer running Citrix Gateway Plug-inA pre-installed version of Citrix Gateway Plug-in for Linux must be running.

At present, PoCs of some vulnerabilities have been available on the Internet. Users are advised to upgrade Citrix products to a fixed version as soon as possible.

Citrix is a platform that integrates the functions of network management, firewalls, and gateways. Citrix ADC is a comprehensive application delivery and load balancing solution for monolithic and microservice-based applications. Citrix SD-WAN WANOP is used to optimize WAN links.

Reference link:

https://support.citrix.com/article/CTX276688

Scope of Impact

Affected Versions

  • Citrix ADC and Citrix Gateway < 13.0-58.30
  • Citrix ADC and NetScaler Gateway < 12.1-57.18
  • Citrix ADC and NetScaler Gateway < 12.0-63.21
  • Citrix ADC and NetScaler Gateway < 11.1-64.14
  • NetScaler ADC and NetScaler Gateway < 10.5-70.18
  • Citrix SD-WAN WANOP < 11.1.1a
  • Citrix SD-WAN WANOP < 11.0.3d
  • Citrix SD-WAN WANOP < 10.2.7
  • Citrix Gateway Plug-in for Linux < 1.0.0.137

Unaffected Versions

  • Citrix ADC and Citrix Gateway >= 13.0-58.30
  • Citrix ADC and NetScaler Gateway >= 12.1-57.18
  • Citrix ADC and NetScaler Gateway >= 12.0-63.21
  • Citrix ADC and NetScaler Gateway >= 11.1-64.14
  • NetScaler ADC and NetScaler Gateway 10.5-70.18
  • Citrix SD-WAN WANOP >= 11.1.1a
  • Citrix SD-WAN WANOP >= 11.0.3d
  • Citrix SD-WAN WANOP >= 10.2.7
  • Citrix Gateway Plug-in for Linux >= 1.0.0.137

Mitigation

Official Fix

Currently, the vendor has released versions to fix the vulnerabilities in all the products with official support. Affected users are advised to upgrade as soon as possible by downloading appropriate versions from the following link:

https://www.citrix.com/downloads/citrix-adc/
https://www.citrix.com/downloads/citrix-gateway/
https://www.citrix.com/downloads/citrix-sd-wan/

Note: Users of Citrix Gateway Plug-in for Linux need to log in to an updated version of Citric Gateway, choose the “Network VPN mode”, and then complete the upgrade as prompted.

Workarounds

Users unable to immediately upgrade to the latest version are advised to take measures to restrict access to the management interface. For more information, see the official guide from the vendor:

https://docs.citrix.com/zh-cn/citrix-adc/citrix-adc-secure-deployment/secure-deployment-guide.html

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA). A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.