Citrix Multiple High Risk Vulnerability Alert
Citrix recently published security advisories covering multiple vulnerabilities in the Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP components. The vulnerability impact is rated high risk.
Vulnerability details
CVE-ID | Vulnerability detail |
---|---|
CVE-2019-18177 | Information leakage |
CVE-2020-8187 | Privilege Elevation |
CVE-2020-8190 | Privilege Elevation |
CVE-2020-8191 | Cross-site scripting |
CVE-2020-8193 | Certification bypass |
CVE-2020-8194 | Code injection |
CVE-2020-8195 | Information leakage |
CVE-2020-8196 | Information leakage |
CVE-2020-8197 | Privilege Elevation |
CVE-2020-8198 | Cross-site scripting attack |
CVE-2020-8199 | Privilege Elevation |
Affected versions
- Citrix ADC and Citrix Gateway: < 13.0-58.30
- Citrix ADC and NetScaler Gateway: < 12.1-57.18
- Citrix ADC and NetScaler Gateway: < 12.0-63.21
- Citrix ADC and NetScaler Gateway: < 11.1-64.14
- NetScaler ADC and NetScaler Gateway: < 10.5-70.18
- Citrix SD-WAN WANOP: < 11.1.1a
- Citrix SD-WAN WANOP: < 11.0.3d
- Citrix SD-WAN WANOP: < 10.2.7
- Citrix Gateway Plug-in for Linux: < 1.0.0.137
Unaffected versions
- Citrix ADC and Citrix Gateway: 13.0-58.30
- Citrix ADC and NetScaler Gateway: 12.1-57.18
- Citrix ADC and NetScaler Gateway: 12.0-63.21
- Citrix ADC and NetScaler Gateway: 11.1-64.14
- NetScaler ADC and NetScaler Gateway: 10.5-70.18
- Citrix SD-WAN WANOP: 11.1.1a
- Citrix SD-WAN WANOP: 11.0.3d
- Citrix SD-WAN WANOP: 10.2.7
- Citrix Gateway Plug-in for Linux: 1.0.0.137
Solution
We recommend that users promptly upgrade Citrix products to the specified versions, following the remediation recommendations.
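The version lists above set a separate fixed build for each release branch, so an appliance has to be compared against the threshold of its own branch, and the build numbers compared as integers rather than as strings. The following check is an added example, not Citrix tooling; it covers only the Citrix ADC / Gateway entries, and the function names and sample inventory are constructed for illustration.

```python
import re

# Fixed builds per release branch, copied from the unaffected-version list
# in this alert (Citrix ADC / Gateway entries only).
FIXED_BUILDS = {
    (13, 0): (58, 30),
    (12, 1): (57, 18),
    (12, 0): (63, 21),
    (11, 1): (64, 14),
    (10, 5): (70, 18),
}

# Matches the "MAJOR.MINOR-BUILD.PATCH" form used in this alert, e.g. 12.1-57.18
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)-(\d+)\.(\d+)\s*$")


def parse_build(version):
    """Split a version string into (branch, build) tuples of integers."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, build, patch = map(int, m.groups())
    return (major, minor), (build, patch)


def classify(version):
    """Return 'affected', 'fixed' or 'unknown-branch' for one version string."""
    branch, build = parse_build(version)
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        # Branch is not listed in this alert: do not guess, flag for manual review.
        return "unknown-branch"
    # Integer tuple comparison: (9, 99) < (57, 18), unlike the strings "9" and "57".
    return "affected" if build < fixed else "fixed"


if __name__ == "__main__":
    # Constructed inventory (hostnames and builds are sample values).
    inventory = {
        "adc-edge-01": "13.0-47.24",
        "adc-edge-02": "12.1-57.18",
        "gw-legacy-01": "10.5-69.5",
        "adc-lab-01": "13.1-4.43",
    }
    for host, version in sorted(inventory.items()):
        print(f"{host:14} {version:12} {classify(version)}")
```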