team-bg-img
time 1 minute read

Helient Systems :

by Richard Charlton
Senior Systems Engineer

On 7 July 2020, Citrix announced that it identified vulnerabilities across several of its networking products.

These include:

  • Citrix ADC (formerly known as NetScaler ADC)
  • Citrix Gateway (formerly known as BetScaler Gateway)
  • Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO

The vulnerabilities may be broadly split into two categories:

  • Attacks against the management interface:
    • System compromise by an unauthenticated user on the management network.
    • System compromise through Cross Site Scripting (XSS) on the management interface
    • Creation of a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, may result in the compromise of their local computer
  • Attacks against virtual IPs (VIPs)
    • Denial of service against either the Gateway or Authentication virtual servers by an unauthenticated user (the load balancing virtual server is unaffected).
    • Remote port scanning of the internal network by an authenticated Citrix Gateway user. Attackers can only discern whether a TLS connection is possible with the port and cannot communicate further with the end devices.

Full details of the vulnerabilities can be found at https://support.citrix.com/article/CTX276688.

The above vulnerabilities have been addressed in the latest firmware releases for all affected products. While no known exploits are currently available, Helient and Citrix are advising that customers perform firmware updates as soon as possible. For most customers this will mean an upgrade to Citrix ADC/Citrix Gateway 12.1-57.18. We also advise users of Citrix ADM to upgrade their appliances to the latest release at the same time.

If you would like more information or assistance from our industry-leading team of Citrix experts to plan and execute the upgrade, please contact us at service@helient.com.