Ask us how we can help secure your environment with the top 10-12 security enhancements every firm should have.  #ITCornerView

Product Security Alert:
Critical Citrix Vulnerability Allowing Malicious Attack

June 15, 2021

Urgency/Severity: HIGH

Issue / Vulnerability

Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO.

These vulnerabilities, if exploited, could result in the following security issues:

CVE-ID Description CWE Affected ProductsPre-conditions
CVE-2020-8299Network-based denial-of-service from within the same Layer 2 network segmentCWE-400: Uncontrolled Resource ConsumptionCitrix ADC, Citrix Gateway, Citrix SD-WAN WANOP EditionThe attacker machine must be in the same Layer 2 network segment as the vulnerable appliance
CVE-2020-8300SAML authentication hijack through a phishing attack to steal a valid user sessionCWE-284: Improper access controlCitrix ADC, Citrix GatewayCitrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP

Remediation/Action Plan

Citrix strongly recommends that affected customers install relevant firmware upgrades as soon as possible.

Please see this link for official advisory from Citrix:

https://support.citrix.com/article/CTX297155


Cornerstone.IT graphic

#LegalIT #ITCornerView

Contact us – We are here to assist you

Cornerstone.IT