Citrix Software Inc., a multinational American software company whose products are used by 99% of Fortune 100 companies, recently released a patch for 11 vulnerabilities that affect Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP (appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO).
Citrix says these 11 vulnerabilities are unrelated to the CVE-2019-19781 remote code execution flaw that it patched in January, and that they do not affect any cloud versions. The company stated that the patch provides complete protection against these issues and advised users to apply it to prevent any potential attack, adding that there are barriers to many of these attacks.
"There are barriers to many of these attacks; in particular, for customers where there is no untrustworthy traffic on the management network, the remaining risk reduces to a denial-of-service attack. And in that case, only when Gateway or authentication virtual servers are being used. Other virtual servers, for example, load balancing and content switching virtual servers, are not affected by the issue," Citrix's CISO Fermin J. Serna said in a statement.
The following versions of Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP contain the fixes:
- Citrix ADC and Citrix Gateway 13.0-58.30 and later releases
- Citrix ADC and NetScaler Gateway 12.1-57.18 and later 12.1 releases
- Citrix ADC and NetScaler Gateway 12.0-63.21 and later 12.0 releases
- Citrix ADC and NetScaler Gateway 11.1-64.14 and later 11.1 releases
- NetScaler ADC and NetScaler Gateway 10.5-70.18 and later 10.5 releases
- Citrix SD-WAN WANOP 11.1.1a and later releases
- Citrix SD-WAN WANOP 11.0.3d and later 11.0 releases
- Citrix SD-WAN WANOP 10.2.7 and later 10.2 releases
- Citrix Gateway Plug-in for Linux 1.0.0.137 and later versions
Customers should download and install these builds as soon as possible on their Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP appliances. If the software does not offer the update, it can be obtained from Citrix's website.
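To triage an appliance inventory against the fixed builds listed above, a check along these lines can be used. This is an added example, not Citrix's code; the product labels (`adc`, `gateway`, `wanop`), the version-string formats (`13.0-47.24`, `11.0.3c`) and the sample inventory are assumptions, and the Gateway Plug-in for Linux is not covered.

```python
import re

# Minimum fixed build per release branch, copied from the list above.
ADC_FIXED = {(13, 0): (58, 30), (12, 1): (57, 18), (12, 0): (63, 21),
             (11, 1): (64, 14), (10, 5): (70, 18)}
WANOP_FIXED = {(11, 1): (1, "a"), (11, 0): (3, "d"), (10, 2): (7, "")}
ADC_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")      # e.g. 12.1-57.18
WANOP_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)$")  # e.g. 11.0.3d

def _classify(branch, build, fixed):
    if branch > max(fixed):
        return "patched"       # "and later releases": branch newer than any listed
    if branch not in fixed:
        return "unknown"       # branch absent from the list; consult the bulletin
    return "patched" if build >= fixed[branch] else "needs-update"

def check(product, version):
    """Return 'patched', 'needs-update' or 'unknown' for one appliance."""
    product, version = product.strip().lower(), version.strip()
    if product in ("adc", "gateway"):
        m = ADC_RE.match(version)
        if m:
            major, minor, build, sub = map(int, m.groups())
            return _classify((major, minor), (build, sub), ADC_FIXED)
    elif product == "wanop":
        m = WANOP_RE.match(version)
        if m:
            major, minor, patch = map(int, m.groups()[:3])
            # Assumption: letter suffixes order alphabetically (3c < 3d).
            return _classify((major, minor), (patch, m.group(4)), WANOP_FIXED)
    return "unknown"           # unparseable version or product not covered

# Constructed sample inventory: hostnames and versions are made up.
INVENTORY = [
    ("adc-edge-1", "adc", "13.0-47.24"),
    ("gw-dmz-1", "gateway", "12.1-57.18"),
    ("adc-lab-1", "adc", "10.1-135.8"),
    ("wanop-br-1", "wanop", "11.0.3c"),
    ("wanop-hq-1", "wanop", "10.2.7"),
]

def triage(inventory):
    return {host: check(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:12} {status}")
```

Entries reported as `unknown` sit on a branch the list does not mention or use a version string the parser does not recognise, and need a manual check against the vendor bulletin.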
If left unpatched, these vulnerabilities could lead to serious exploitation, with the impact depending on the targeted area:
Attacks on the management interface could result in:
- "System compromise by an unauthenticated user on the management network.
- System compromise through Cross-Site Scripting (XSS) on the management interface
- Creation of a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, may result in the compromise of their local computer."
Attacks on a Virtual IP (VIP) could lead to:
- "Denial of service against either the Gateway or Authentication virtual servers by an unauthenticated user (the load balancing virtual server is unaffected).
- Remote port scanning of the internal network by an authenticated Citrix Gateway user. Attackers can only discern whether a TLS connection is possible with the port and cannot communicate further with the end devices."