Citrix SD-WAN Multiple High-Risk Vulnerability Alert

On November 10, 2020, Citrix released a Citrix SD-WAN Center security update warning of multiple vulnerabilities, tracked as CVE-2020-8271, CVE-2020-8272, and CVE-2020-8273. Proof-of-concept (PoC) exploit code for CVE-2020-8271 has been made public.

Vulnerability Details

| CVE | Description | Vulnerability Type | Pre-conditions |
|---|---|---|---|
| CVE-2020-8271 | Unauthenticated remote code execution with root privileges | CWE-23: Path Traversal | An attacker must be able to communicate with SD-WAN Center’s Management IP/FQDN |
| CVE-2020-8272 | Authentication Bypass resulting in exposure of SD-WAN functionality | CWE-287: Improper Authentication | An attacker must be able to communicate with SD-WAN Center’s Management IP/FQDN |
| CVE-2020-8273 | Privilege escalation of an authenticated user to root | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) | The attacker must be an authenticated user on SD-WAN Center |

Affected versions

  • Citrix SD-WAN 11.2 before 11.2.2
  • Citrix SD-WAN 11.1 before 11.1.2b
  • Citrix SD-WAN 10.2 before 10.2.8

Unaffected versions

  • Citrix SD-WAN 11.2.2 and later versions of Citrix SD-WAN 11.2
  • Citrix SD-WAN 11.1.2b and later versions of Citrix SD-WAN 11.1
  • Citrix SD-WAN 10.2.8 and later versions of Citrix SD-WAN 10.2

Solution

We recommend that users upgrade Citrix SD-WAN to the latest version as soon as possible.
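
To decide which deployments still need the upgrade, the version lists above can be applied to an inventory. The following is an added example, not part of Citrix's advisory or tooling; the version string format (major.minor.patch, optional letter suffix, optional build number), the function names, and the sample hostnames and versions are assumptions.

```python
import re

# Fixed release per branch, taken from the version lists in this alert.
FIXED = {(11, 2): (2, ""), (11, 1): (2, "b"), (10, 2): (8, "")}

# Assumed version format: major.minor.patch, optional letter suffix
# (as in "11.1.2b"), optional trailing build number that is ignored.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)(?:\.\d+)?$")


def classify(version):
    """Return 'affected', 'fixed' or 'unknown' for one version string."""
    m = VERSION_RE.match(version.strip().lower())
    if not m:
        return "unknown"  # unparseable string: needs manual review
    branch = (int(m.group(1)), int(m.group(2)))
    if branch not in FIXED:
        return "unknown"  # branch not covered by this alert
    # Tuple comparison: patch number first, then letter ("" < "a" < "b"),
    # so 11.1.2 and 11.1.2a both sort before the fixed 11.1.2b.
    installed = (int(m.group(3)), m.group(4))
    return "fixed" if installed >= FIXED[branch] else "affected"


def triage(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "sdwan-center-01": "11.2.1",
    "sdwan-center-02": "11.1.2a",
    "sdwan-center-03": "11.1.2b",
    "sdwan-center-04": "10.2.8",
    "sdwan-center-05": "11.0.3",
    "sdwan-center-06": "10.2.7.12",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {SAMPLE[host]} -> {status}")
```

Hosts reported as unknown run a branch this alert does not list or a version string the parser does not recognize, and should be checked by hand.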