{"id":14968,"date":"2020-07-09T00:02:00","date_gmt":"2020-07-08T22:02:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=14968"},"modified":"2020-07-08T18:45:34","modified_gmt":"2020-07-08T16:45:34","slug":"vulnerabilities-in-citrix-adc-gateway-sd-wan-patch-asap","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/07\/09\/vulnerabilities-in-citrix-adc-gateway-sd-wan-patch-asap\/","title":{"rendered":"Vulnerabilities in Citrix ADC, Gateway &amp; SD-Wan, patch asap"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/07\/08\/schwachstellen-in-citrix-adc-gateway-sd-wan-patchen\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]There are critical vulnerabilities in various Citrix products. The vendor has released security updates for Citrix Application Delivery Controller, Citrix Gateway and Citrix SD-WAN WANOP appliance. Administrators should urgently install the updates.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg04.met.vgwort.de\/na\/caf71fab13ef49ea8dba05a204070380\" width=\"1\" height=\"1\">A blog reader has informed me by mail (thanks for that) that Citrix has published a <a href=\"https:\/\/support.citrix.com\/article\/CTX276688\" target=\"_blank\" rel=\"noopener noreferrer\">security advisory<\/a> about the vulnerabilities as of July 7, 2020. These vulnerabilities were discovered by external security researchers from Akamai, Digital 14 etc. and reported to the vendor.&nbsp; <\/p>\n<h2>The vulnerabilities <\/h2>\n<p>Multiple vulnerabilities have been discovered in Citrix Application Delivery Controller (ADC, formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO and 5100-WO. <\/p>\n<p><a href=\"https:\/\/i.imgur.com\/t1PL527.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" title=\"Citrix vulnerabilities July 2020\" alt=\"Citrix vulnerabilities July 2020\" src=\"https:\/\/i.imgur.com\/t1PL527.jpg\" width=\"656\" height=\"501\"><\/a>(Citrix Vulnerabilities, <a href=\"https:\/\/i.imgur.com\/t1PL527.jpg\" target=\"_blank\" rel=\"noopener noreferrer\">Click to zoom<\/a>)<\/p>\n<p>These vulnerabilities, if exploited, can lead to a number of security problems. Several attack scenarios are possible.<\/p>\n<h3>The management interface as a point of attack<\/h3>\n<p>For example, attacks on the management interface make it possible:<\/p>\n<ul>\n<li>system compromise by an unauthenticated user on the managed network.\n<li>System compromise through Cross Site Scripting (XSS) attacks on the management interface\n<li>Creating a download link for the device that, if downloaded and then run by an unauthenticated user on the management network, can lead to the compromise of their local computer.<\/li>\n<\/ul>\n<p>Customers who have configured their systems in accordance with <a href=\"https:\/\/docs.citrix.com\/en-us\/citrix-adc\/citrix-adc-secure-deployment\/secure-deployment-guide.html\" target=\"_blank\" rel=\"noopener noreferrer\">Citrix recommendations<\/a> have significantly reduced their risk of attacks on the management interface.<\/p>\n<h3>Virtual IP (VIP) as point of attack<\/h3>\n<p>The vulnerabilities additionally allow attacks that can be applied to a virtual IP (VIP).<\/p>\n<ul>\n<li>Denial of service either against the virtual gateway or authentication servers by an unauthenticated user (the virtual server with load balancing is not affected).\n<li>Remote port scanning of the internal network by an authenticated Citrix Gateway user. Attackers can only detect whether a TLS connection to the port is possible and cannot continue to communicate with the end devices. <\/li>\n<\/ul>\n<p>Customers who have neither the virtual gateway nor authentication server enabled are not exposed to the risk of attacks applicable to these servers. Other virtual servers, such as virtual servers with load balancing and content switching, are not affected by these problems.<\/p>\n<h3>Vulnerability in Citrix Gateway Plug-in for Linux <\/h3>\n<p>In addition, a vulnerability has been found in the Citrix Gateway Plug-in for Linux that would allow a locally logged on user of a Linux system on which this plug-in is installed to increase his privileges to an administrator account on that computer.<\/p>\n<h2>Updates products<\/h2>\n<p>The following versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP fix the vulnerabilities\u202f<\/p>\n<ul>\n<li>Citrix ADC and Citrix Gateway 13.0-58.30 and later versions\n<li>Citrix ADC and NetScaler Gateway 12.1-57.18 and later versions 12.1\n<li>Citrix ADC and NetScaler Gateway 12.0-63.21 and later versions 12.0\n<li>Citrix ADC and NetScaler Gateway 11.1-64.14 and later versions 11.1\n<li>NetScaler ADC and NetScaler Gateway 10.5-70.18 and later versions 10.5\n<li>Citrix SD-WAN WANOP 11.1.1a and later versions\n<li>Citrix SD-WAN WANOP 11.0.3d and later versions 11.0\n<li>Citrix SD-WAN WANOP 10.2.7 and later versions 10.2\n<li>Citrix Gateway-Plug-in for Linux 1.0.0.137 and later versions <\/li>\n<\/ul>\n<p>Builds with fixed vulnerabilities have been released for all supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP. Citrix strongly recommends customers to install these updates immediately. The latest builds can be downloaded from the following download addresses<\/p>\n<p><a href=\"https:\/\/www.citrix.com\/downloads\/citrix-adc\/\" target=\"_blank\" rel=\"noopener noreferrer\">Citrix ADC<\/a><br \/><a href=\"https:\/\/www.citrix.com\/downloads\/citrix-gateway\/\" target=\"_blank\" rel=\"noopener noreferrer\">Citrix Gateway<\/a><br \/><a href=\"https:\/\/www.citrix.com\/downloads\/citrix-sd-wan\/\" target=\"_blank\" rel=\"noopener noreferrer\">Citrix SD-WAN WANOP<\/a><\/p>\n<p>Customers who are not able to upgrade to the latest version immediately are advised to ensure that access to the management interface is restricted. Further information can be found <a href=\"https:\/\/docs.citrix.com\/en-us\/citrix-adc\/citrix-adc-secure-deployment\/secure-deployment-guide.html\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>. <\/p>\n<p>Users with Citrix Gateway plug-in for Linux should log in to an upgraded version of Citrix Gateway and select \"Network VPN Mode\". Citrix Gateway will then prompt the user to update. Customers with the Citrix Gateway service managed by Citrix do not need to take any action.<\/p>\n<p><strong>Similar articles:<br \/><\/strong><a href=\"https:\/\/borncity.com\/win\/2020\/01\/13\/poc-for-citrix-adc-netscaler-vulnerability-cve-2019-19781\/\">PoC for Citrix ADC\/Netscaler vulnerability CVE-2019-19781<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/01\/17\/further-actions-required-for-citrix-netscaler-vulnerability\/\">Further actions required for Citrix Netscaler vulnerability<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/01\/20\/citrix-adc-netscaler-patches-11-1-12-0-released-01-19-2020\/\">Citrix ADC\/Netscaler patches 11.1\/12.0 released (01\/19\/2020)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/01\/24\/citrix-vulnerability-new-updates-and-scanners-for-testing\/\">Citrix vulnerability: New updates and scanners for testing<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/01\/25\/cyber-attacks-on-citrix-city-of-brandenburg-and-community-stahnsdorf-offline\/\">Cyber attacks on Citrix: City of Brandenburg and community Stahnsdorf offline<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/02\/23\/tipp-citrix-storefront-und-ssl-zertifikat\/\">Tip: Citrix StoreFront and SSL Certificates<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/01\/28\/ragnarok-ransomware-targets-citrix-adc-stops-defender\/\">Ragnarok Ransomware targets Citrix ADC, stops Defender<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/03\/17\/neue-schwachstellen-cve-2020-10110-cve-2020-10111-cve-2020-10112-in-citrix-gateway\/\">New vulnerabilities CVE-2020-10110, CVE-2020-10111, CVE-2020-10112 in Citrix Gateway<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2019\/12\/24\/schwachstelle-in-citrix-produkten-gefhrdet-firmen-netzwerke\/\">Vulnerability in Citrix Apps put companies at risk<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2019\/05\/02\/citrix-workspace-app-comes-w-o-vc-runtime-from-v1904\/\">Citrix Workspace-App comes w\/o VC++ Runtime from V1904<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]There are critical vulnerabilities in various Citrix products. The vendor has released security updates for Citrix Application Delivery Controller, Citrix Gateway and Citrix SD-WAN WANOP appliance. Administrators should urgently install the updates.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[448,580,1547,22],"tags":[2222,701,195],"class_list":["post-14968","post","type-post","status-publish","format-standard","hentry","category-devices","category-security","category-software","category-update","tag-citrix","tag-device","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=14968"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14968\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=14968"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=14968"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=14968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}