CVE-2018-5314 - Authentication Bypass Vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway

<section>
<div><div>
<div>

<h2> Description of Problem</h2>

<div>
<div>
<div>
<p>A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway that, if exploited, could allow an unauthenticated attacker with access to the NetScaler management interface to bypass authentication controls and execute arbitrary, read only commands on the NetScaler appliance.</p>
<p>This vulnerability has been assigned the following CVE number:</p>
<ul>
<li>CVE-2018-5314: Authentication Bypass Vulnerability in Citrix NetScaler ADC and NetScaler Gateway Management Interface</li>
</ul>
<p>This vulnerability affects the following product versions:</p>
<ul>
<li>Citrix NetScaler ADC and NetScaler Gateway version 12.0 builds 41.16, 41.22, 41.24, 51.24 & 53.6</li>
<li>Citrix NetScaler ADC and NetScaler Gateway version 11.1 builds 51.21, 51.26, 52.13, 53.11, 54.14, 54.16 & 55.10</li>
<li>Citrix NetScaler ADC and NetScaler Gateway version 11.0 build 70.12 </li>
</ul>
<p>This vulnerability also affects the NetScaler Load Balancing instance distributed with Citrix NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition version 9.3.0</p>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Mitigating Factors</h2>

<div>
<div>
<div>
<p>In order to exploit this vulnerability, an attacker would require access to the management interface of the NetScaler. In situations where customers have deployed their NetScaler ADC and NetScaler Gateway appliances in line with industry best practice, network access to this interface should already be restricted.</p>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> What Customers Should Do</h2>

<div>
<div>
<div>
<p>This vulnerability has been addressed in the following versions of Citrix NetScaler ADC and NetScaler Gateway:</p>
<ul>
<li>Citrix NetScaler ADC and NetScaler Gateway version 12.0 build 53.13 and later</li>
<li>Citrix NetScaler ADC and NetScaler Gateway version 11.1 build 55.13 and later</li>
<li>Citrix NetScaler ADC and NetScaler Gateway version 11.0 build 70.16 and later</li>
<li>Citrix NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition version 9.3.1 and later</li>
</ul>
<p>Citrix recommends that customers impacted by this vulnerability upgrade to a version of the Citrix NetScaler ADC, NetScaler Gateway and NetScaler SD-WAN/Cloudbridge that contains a fix for this issue as soon as possible.</p>
<p>These versions are available on the Citrix website at the following addresses:</p>
<p> <a href=“https://www.citrix.com/downloads/netscaler-adc/”>https://www.citrix.com/downloads/netscaler-adc/</a></p>
<p> <a href=“https://www.citrix.com/downloads/netscaler-gateway/”>https://www.citrix.com/downloads/netscaler-gateway/</a></p>
<p> <a href=“https://www.citrix.com/downloads/netscaler-sd-wan/”>https://www.citrix.com/downloads/netscaler-sd-wan/</a></p>
<p>In line with industry best practice, Citrix also recommends that customers limit access to the management interface to trusted traffic only. Citrix has published additional guidance on the secure configuration of NetScaler management interfaces. This can be found at the following location:</p>
<p> <a href=“https://support.citrix.com/article/CTX228148”>https://support.citrix.com/article/CTX228148</a></p>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Acknowledgements</h2>

<div>
<div>
<div>
<p>Citrix thanks xcuter, blankcon, nullbr4in, loupos, koredge of NAVER BUSINESS PLATFORM - IT Security (<a href=“https://www.nbp-corp.com”>https://www.nbp-corp.com</a>) for working with us to protect Citrix customers</p>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> What Citrix Is Doing</h2>

<div>
<div>
<div>
<div>
<div>
<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=“http://support.citrix.com/”>http://support.citrix.com/</a></u>.</p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Obtaining Support on This Issue</h2>

<div>
<div>
<div>
<div>
<div>
<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=“https://www.citrix.com/support/open-a-support-case.html”>https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Reporting Security Vulnerabilities</h2>

<div>
<div>
<div>
<div>
<div>
<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – <a href=“http://support.citrix.com/article/CTX081743”>Reporting Security Issues to Citrix</a></p>
</div>
</div>
</div>
</div>
</div>

<hr />
</div>
<div>

<h2> Changelog</h2>

<div>
<div>
<div>
<table border=“1” width=“100%”>
<tbody>
<tr>
<td>Date </td>
<td>Change</td>
</tr>
<tr>
<td>28th February 2018 </td>
<td>Initial publishing </td>
</tr>
</tbody>
</table>
</div>
</div>
</div>

<hr />
</div>
</div></div>
</section>