Citrix Endpoint Management Multiple Vulnerabilities Alert

On August 13, 2020, Citrix officially released a risk notice for the Citrix Endpoint Management component, covering multiple vulnerabilities of varying severity levels.

Citrix Endpoint Management has an arbitrary file read vulnerability. A remote unauthorized attacker can send special HTTP requests to read arbitrary files on the affected device.


Vulnerability Details

  • CVE-2020-8208
  • CVE-2020-8209
  • CVE-2020-8210
  • CVE-2020-8211
  • CVE-2020-8212

Currently, details have been disclosed only for CVE-2020-8209.

CVE-2020-8209: Path traversal vulnerability in Citrix Endpoint Management. “Exploitation of this vulnerability allows hackers to obtain information that can be useful for breaching the perimeter, as the configuration file often stores domain account credentials for LDAP access. With access to the domain account, a remote attacker can use the obtained data for authentication on other external company resources, including corporate mail, VPN, and web applications. Worse still, an attacker who has managed to read the configuration file can access sensitive data, such as database password (local PostgreSQL by default and a remote SQL Server database in some cases). However, taking into account that the database is stored inside the corporate perimeter and cannot be accessed from the outside, this attack vector can only be used in complex attacks, for example, with the involvement of an insider accomplice.”

Affected versions

  • XenMobile Server < 10.12 RP2
  • XenMobile Server < 10.11 RP4
  • XenMobile Server < 10.10 RP6
  • XenMobile Server < 10.9 RP5

Unaffected versions

  • XenMobile Server < 10.12 RP3
  • XenMobile Server < 10.11 RP6
  • XenMobile Server < 10.10 RP6
  • XenMobile Server < 10.9 RP5

Solution

We recommend that users install the latest patches for Citrix Endpoint Management promptly.
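
To decide which servers need the patch first, the following added example (not Citrix's or this advisory's own code) triages an inventory of XenMobile Server version strings against the affected list above. The version string formats, hostnames and classification labels are assumptions made for illustration.

```python
import re

# Thresholds copied from the affected list on this page: a branch is
# affected when its rolling patch (RP) number is below the value given.
AFFECTED_BELOW_RP = {(10, 12): 2, (10, 11): 4, (10, 10): 6, (10, 9): 5}
OLDEST_LISTED = min(AFFECTED_BELOW_RP)  # (10, 9)

# Assumed input formats: "10.12", "10.12 RP2", "10.8.0", "10.11 Rolling Patch 4".
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.\d+)*(?:\s+(?:RP|Rolling\s+Patch)\s*(\d+))?\s*$",
    re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor), rolling_patch); a missing RP counts as 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised XenMobile version string: {text!r}")
    return (int(m.group(1)), int(m.group(2))), int(m.group(3) or 0)


def classify(text):
    """Classify one version string against the page's affected list only."""
    branch, rp = parse_version(text)
    if branch < OLDEST_LISTED:
        return "affected"      # older than 10.9: below the oldest listed threshold
    if branch not in AFFECTED_BELOW_RP:
        return "not-listed"    # newer branch the page says nothing about
    # The second label means "not in the affected list", not "fully patched".
    return "affected" if rp < AFFECTED_BELOW_RP[branch] else "at-or-above-listed-rp"


def triage(inventory):
    """Map hostname -> classification; unparseable entries are flagged, not skipped."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = "unparsed"
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "xms-01.example.internal": "10.12 RP1",
    "xms-02.example.internal": "10.11 Rolling Patch 4",
    "xms-03.example.internal": "10.8.0",
    "xms-04.example.internal": "10.10 RP6",
    "xms-05.example.internal": "ten point twelve",
}
```

Entries reported as "unparsed" or "not-listed" need a manual check against the vendor bulletin, since this page gives no threshold for them.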