Vulnerabilities discovered in Citrix Softwares allows Cross-Site Scripting on user systems
Citrix Systems, Inc. is an American multinational software company that provides server, application and desktop virtualization, networking, software as a service (SaaS), and cloud computing technologies. Citrix products are claimed to be in use by over 400,000 clients worldwide, including 99% of the Fortune 100, and 98% of the Fortune 500.
According to the reports released by the company, Android Rookies has learned that Multiple flaws were patched in the latest security update release. Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) , and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO.
According to the Citrix patch notes, if these vulnerabilities are exploited then the user might face the following security issues:
- System compromise by an unauthenticated user on the management network.
- System compromise through Cross-Site Scripting (XSS) on the management interface
- Creation of a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, may result in the compromise of their local computer.
In addition, a vulnerability has been found in Citrix Gateway Plug-in for Linux that would allow a locally logged-on user of a Linux system with that plug-in installed to elevate their privileges to an administrator account on that computer. The issues have the following identifiers:
Three of the six possible attacks in CTX276688 occur in the management interface of a vulnerable device. Systems deployed in line with Citrix recommendations will already have this interface separated from the network and protected by a firewall. That configuration greatly diminishes the risk.
Citrix CISO Fermin Serna
Serna also said that the vulnerabilities are however not related to the CVE-2019-19781 critical bug in Citrix ADC and Gateway which was announced in December. The company has however released the security patches and also recommends installing them as soon as possible.
Further, while I am not discounting the risk of privilege escalation, two of the remaining three possible attacks additionally require some form of existing access. That effectively means an external malicious actor would first need to gain unauthorized access to a vulnerable device to be able to conduct an attack. While these barriers reduce the risk of these vulnerabilities, Citrix strongly recommends quick application of the supplied patches.
added Citrix CISO Fermin Serna
For more news on tech and cybersecurity stay tuned on Android Rookies by subscribing to our newsletter from here.