Jump to content

Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update

tech.guru
By tech.guru
in Tech News
 Share
Posted

Summary

 Multiple critical security flaw exists in ADC firmware and customers should apply the latest firmware as soon as possible

 

Quotes

Quote

Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO.

 

Attacks that are limited to the management interface

  • System compromise by an unauthenticated user on the management network.
  • System compromise through Cross Site Scripting (XSS) on the management interface
  • Creation of a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, may result in the compromise of their local computer.

Attacks that are applicable to a Virtual IP (VIP)

  • Denial of service against either the Gateway or Authentication virtual servers by an unauthenticated user (the load balancing virtual server is unaffected).
  • Remote port scanning of the internal network by an authenticated Citrix Gateway user. Attackers can only discern whether a TLS connection is possible with the port and cannot communicate further with the end devices. 

In addition, a vulnerability has been found in Citrix Gateway Plug-in for Linux that would allow a local logged-on user of a Linux system with that plug-in installed to elevate their privileges to an administrator account on that computer.

 

Quote

The following versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP remediate the vulnerabilities: 

  • Citrix ADC and Citrix Gateway 13.0-58.30 and later releases
  • Citrix ADC and NetScaler Gateway 12.1-57.18 and later 12.1 releases
  • Citrix ADC and NetScaler Gateway 12.0-63.21 and later 12.0 releases
  • Citrix ADC and NetScaler Gateway 11.1-64.14 and later 11.1 releases
  • NetScaler ADC and NetScaler Gateway 10.5-70.18 and later 10.5 releases
  • Citrix SD-WAN WANOP 11.1.1a and later releases
  • Citrix SD-WAN WANOP 11.0.3d and later 11.0 releases
  • Citrix SD-WAN WANOP 10.2.7 and later 10.2 releases
  • Citrix Gateway Plug-in for Linux 1.0.0.137 and later versions

 

My thoughts

 Companies should apply the firmware ASAP. These devices are deployed for many companies to provide remote access into there local area networks.

 

Securing the management network should be also investigated if not done already. netscaler management  (NSIP) should be on a dedicated vlan or network behind a stateful firewall allowing access from trusted devices only 

 

this will limit the impact of some of these vulnerabilities and may help limit future vulnerabilities

 

Sources

https://support.citrix.com/article/CTX276688

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

>here comes yet another reason to hate Citrix.

 

Thought I guess they did put out an update lol

 

 

~New~  BoomBerryPi project !  ~New~


new build log : http://linustechtips.com/main/topic/533392-build-log-the-scrap-simulator-x/?p=7078757 (5 screen flight sim for 620$ CAD)LTT Web Challenge is back ! go here  :  http://linustechtips.com/main/topic/448184-ltt-web-challenge-3-v21/#entry601004

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Tech News

×