Citrix SD-WAN Multiple Security Updates

<section>
<div><div>
<div>
<h2> Description of Problem</h2>
<div>
<div>
<div>
<p>Multiple vulnerabilities have been identified in the management console of the Citrix SD-WAN Center and NetScaler SD-WAN Center. Multiple Vulnerabilities have also been identified on the Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. Collectively, these vulnerabilities could result in an unauthenticated attacker executing commands as root against the SD-WAN Center management console, or potentially be used to gain root privileges on the SD-WAN appliance. The vulnerabilities have been assigned the following CVE numbers.</p>
<p>CVE-2019-12985 – Unauthenticated Command Injection in Citrix SD-WAN Center 10.2.x before 10.2.3 and NetScaler SD-WAN Center 10.0.x before 10.0.8.</p>
<p>CVE-2019-12986 – Unauthenticated Command Injection in Citrix SD-WAN Center 10.2.x before 10.2.3 and NetScaler SD-WAN Center 10.0.x before 10.0.8.</p>
<p>CVE-2019-12987 – Unauthenticated Command Injection in Citrix SD-WAN Center 10.2.x before 10.2.3 and NetScaler SD-WAN Center 10.0.x before 10.0.8.</p>
<p>CVE-2019-12988 – Unauthenticated Command Injection in Citrix SD-WAN Center 10.2.x before 10.2.3 and NetScaler SD-WAN Center 10.0.x before 10.0.8.</p>
<p>CVE-2019-12990 – Unauthenticated Directory Traversal File Write in Citrix SD-WAN Center 10.2.x before 10.2.3 and NetScaler SD-WAN Center 10.0.x before 10.0.8.</p>
<p>CVE-2019-12992 – Authenticated Command Injection in Citrix SD-WAN Center 10.2.x before 10.2.3 and NetScaler SD-WAN Center 10.0.x before 10.0.8.</p>
<p>CVE-2019-12989 – Unauthenticated SQL Injection in Citrix SD-WAN Appliance 10.2.x before 10.2.3 and NetScaler SD-WAN Appliance 10.0.x before 10.0.8.</p>
<p>CVE-2019-12991 – Authenticated Command Injection in Citrix SD-WAN Appliance 10.2.x before 10.2.3 and NetScaler SD-WAN Appliance 10.0.x before 10.0.8.</p>
<p>Affected Versions for Citrix SD-WAN Center and Citrix SD-WAN Appliance:</p>
<ul>
<li>All versions of NetScaler SD-WAN 9.x *</li>
<li>All versions of NetScaler SD-WAN 10.0.x earlier than 10.0.8</li>
<li>All versions of Citrix SD-WAN 10.1.x </li>
<li>All versions of Citrix SD-WAN 10.2.x earlier than 10.2.3</li>
</ul>
<p> Upgrade to 10.0.8 or 10.2.3 for security update</p>
</div>
</div>
</div>
</div>
<div>
<h2> Mitigating Factors</h2>
<div>
<div>
<div>
<p>In order to protect against these vulnerabilities and web application related issues, Citrix recommends access to the management console be restricted. In situations where customers have deployed their management console in line with industry best practice, network access to this interface should already be restricted.</p>
<p>Security Best Practices:</p>
<p>10.x - <a href=“https://docs.citrix.com/en-us/netscaler-sd-wan/10/best-practices/security-best-practices.html”>https://docs.citrix.com/en-us/netscaler-sd-wan/10/best-practices/security-best-practices.html</a> </p>
</div>
</div>
</div>
</div>
<div>
<h2> What Customers Should Do</h2>
<div>
<div>
<div>
<p>These vulnerabilities have been addressed in the following software versions:</p>
<ul>
<li>NetScaler SD-WAN Center 10.0.8 and NetScaler SD-WAN 10.0.8 Appliance</li>
<li>Citrix SD-WAN Center 10.2.3 and Citrix SD-WAN 10.2.3 Appliance</li>
</ul>
<p>Citrix strongly recommends that customers using vulnerable software upgrade their SD-WAN Center management console or SD-WAN appliance to the new version or later as soon as possible.</p>
<p>If using a version of SD-WAN that is no longer supported, upgrade to the new version of the product that includes the security update.</p>
<p>The new software versions will be available on the Citrix website. Information on the available versions can be found at the following location:</p>
<p> <a href=“https://www.citrix.com/downloads/netscaler-sd-wan/”>https://www.citrix.com/downloads/netscaler-sd-wan/</a></p>
<p>In line with general best practice, Citrix also recommends that customers limit access to the management console of the Citrix SD-WAN Appliance / NetScaler SD-WAN Appliance to trusted network traffic only.</p>
</div>
</div>
</div>
</div>
<div>
<h2> Acknowledgements</h2>
<div>
<div>
<div>
<p>Citrix thanks Chris Lyne at Tenable, Inc. for working with us to protect Citrix customers.</p>
</div>
</div>
</div>
</div>
<div>
<h2> What Citrix Is Doing</h2>
<div>
<div>
<div>
<div>
<div>
<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=“http://support.citrix.com/”>http://support.citrix.com/</a></u>.</p>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<h2> Obtaining Support on This Issue</h2>
<div>
<div>
<div>
<div>
<div>
<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=“https://www.citrix.com/support/open-a-support-case.html”>https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<h2> Reporting Security Vulnerabilities</h2>
<div>
<div>
<div>
<div>
<div>
<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – <a href=“http://support.citrix.com/article/CTX081743”>Reporting Security Issues to Citrix</a></p>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<h2> Changelog</h2>
<div>
<div>
<div>
<table width=“100%”>
<tbody>
<tr>
<td colspan=“1” rowspan=“1”>Date </td>
<td colspan=“1” rowspan=“1”>Change</td>
</tr>
<tr>
<td colspan=“1” rowspan=“1”>10th July 2019</td>
<td colspan=“1” rowspan=“1”>Initial Publishing</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div></div>
</section>