
Citrix yesterday issued new security patches for as many as 11 security flaws that affect its Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WAN Optimisation edition (WANOP) networking products.

Successful exploitation of these critical flaws could let unauthenticated attackers perform code injection, information disclosure, and even denial-of-service attacks against the gateway or the authentication virtual servers.

Citrix confirmed that the aforementioned issues do not impact other virtual servers, such as load balancing and content switching virtual servers.

The affected Citrix SD-WAN WANOP appliances include models 4000-WO, 4100-WO, 5000-WO, and 5100-WO.

The networking vendor also reiterated that these vulnerabilities were not connected to a previously fixed zero-day NetScaler flaw (tagged as CVE-2019-19781) that allowed bad actors to perform arbitrary code execution even without proper authentication.

It also said there’s no evidence the newly disclosed flaws are being exploited in the wild and that barriers to exploitation of these flaws are high.

“Of the 11 vulnerabilities, there are six possible attack routes; five of those have barriers to exploitation,” Citrix’s CISO Fermin Serna said. “Two of the remaining three possible attacks additionally require some form of existing access. That effectively means an external malicious actor would first need to gain unauthorised access to a vulnerable device to be able to conduct an attack.”

Although Citrix has refrained from publishing technical details of the vulnerabilities, citing malicious actors’ efforts to leverage the patches and the information to reverse engineer exploits, attacks on the management interface of the products could result in system compromise by an unauthenticated user, or in compromise through Cross-Site Scripting (XSS) on the management interface.

An adversary could also create a download link for a vulnerable device, which could result in the compromise of a local computer upon execution by an unauthenticated user on the management network.
