Security Alert (A20-07-04): Multiple Vulnerabilities in Citrix Products

Description:

Multiple vulnerabilities have been found in Citrix Application Delivery Controller, Citrix Gateway and Citrix SD-WAN WANOP.  An attacker may send specially crafted commands or inject malicious codes to an affected system to exploit the vulnerabilities.

Affected Systems:

• Citrix ADC and Citrix Gateway prior to version 13.0-58.30
• Citrix ADC and NetScaler Gateway prior to version 12.1-57.18
• Citrix ADC and NetScaler Gateway prior to version 12.0-63.21
• Citrix ADC and NetScaler Gateway prior to version 11.1-64.14
• NetScaler ADC and NetScaler Gateway prior to version 10.5-70.18
• Citrix SD-WAN WANOP prior to version 11.1.1a
• Citrix SD-WAN WANOP prior to version 11.0.3d
• Citrix SD-WAN WANOP prior to version 10.2.7
• Citrix Gateway Plug-in for Linux prior to version 1.0.0.137

Impact:

Successful exploitation could lead to arbitrary code execution, authorisation bypass, denial of service, elevation of privileges, information disclosure and cross site scripting on an affected system.

Recommendation:

Citrix has released new versions to address the vulnerabilities to mitigate the issue. The details could be found at the following URL:

https://support.citrix.com/article/CTX276688

Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

https://support.citrix.com/article/CTX276688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8193 (to CVE-2020-8199)