ID CVE-2020-8246 Type cve Reporter cve@mitre.org Modified 2020-10-07T15:43:00
Description
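Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, and Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network. Per the vendor advisory (CTX281474) the attacker needs no authentication, only access to the management network, which is why Citrix recommends separating management-interface traffic, physically or logically, from normal network traffic. No fixed build is listed for 12.0: that release has reached End of Maintenance and the advisory recommends upgrading to a later version. Note that the ADC/Gateway Nessus check included in this record matches only 11.1, 12.1 and 13.0, so a 12.0 appliance is audited as not vulnerable by that check and has to be tracked separately.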
{"nessus": [{"lastseen": "2020-10-10T13:23:22", "description": "The remote Citrix SD-WAN WANOP device is version 10.2.x prior to 10.2.7b, 11.0.x prior to 11.0.3f, 11.1.x prior to\n11.1.2a, 11.2.x prior to 11.2.1a. It is, therefore, affected by multiple vulnerabilities:\n\n - A denial of service (DoS) vulnerability originating from the management network. (CVE-2020-8246)\n\n - A Escalation of privileges on the management interface. (CVE-2020-8247)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-09-25T00:00:00", "title": "Citrix SD-WAN WANOP Multiple Vulnerabilities (CTX281474)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8246", "CVE-2020-8247"], "modified": "2020-09-25T00:00:00", "cpe": ["x-cpe:/a:citrix:sd-wan"], "id": "CITRIX_SDWAN_CTX281474.NASL", "href": "https://www.tenable.com/plugins/nessus/140798", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140798);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\"CVE-2020-8246\", \"CVE-2020-8247\");\n script_xref(name:\"IAVA\", value:\"2020-A-0434\");\n\n script_name(english:\"Citrix SD-WAN WANOP Multiple Vulnerabilities (CTX281474)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Citrix SD-WAN WANOP device is version 10.2.x prior to 10.2.7b, 11.0.x prior to 11.0.3f, 11.1.x prior to\n11.1.2a, 11.2.x prior to 11.2.1a. It is, therefore, affected by multiple vulnerabilities:\n\n - A denial of service (DoS) vulnerability originating from the management network. 
(CVE-2020-8246)\n\n - A Escalation of privileges on the management interface. (CVE-2020-8247)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.citrix.com/article/CTX281474\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade Citrix SD-WAN WAN-OS to version 10.2.7b, 11.0.3f, 11.1.2a, 11.2.1a or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8247\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(269, 400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:citrix:sd-wan\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"citrix_sdwan_detect.nbin\");\n script_require_keys(\"installed_sw/Citrix SD-WAN\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp_name = 'Citrix SD-WAN';\napp_info = vcf::get_app_info(app:app_name);\n\nedition = app_info['Edition'];\nmodel = app_info['Model'];\npattern = \"WAN-?OP\";\n\nif (report_paranoia < 2 && empty_or_null(edition) && empty_or_null(model))\n audit(AUDIT_PARANOID);\n\nif (\n\t !preg(pattern:pattern, string:edition) &&\n !preg(pattern:pattern, string:model) &&\n (!empty_or_null(edition) || !empty_or_null(model))\n )audit(AUDIT_HOST_NOT, 'affected');\n\nconstraints = [\n { 'min_version' : '10.2.0', 'fixed_version' : '10.2.7b' },\n { 'min_version' : '11.0.0', 'fixed_version' : '11.0.3f' },\n { 'min_version' : '11.1.0', 'fixed_version' : '11.1.2a' },\n { 'min_version' : '11.2.0', 'fixed_version' : '11.2.1a' }\n];\n\nvcf::check_version_and_report(\n\tapp_info:app_info,\n\tconstraints:constraints,\n\tseverity:SECURITY_WARNING\n);", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-10-10T13:23:22", "description": "The remote Citrix ADC or Citrix NetScaler Gateway device is version 11.1.x prior to 11.1.65.12, 12.1.x prior to \n12.1.58.15 or 13.0.x prior to 13.0.64.35. It is, therefore, affected by multiple vulnerabilities:\n - A HTML injection vulnerability exists in Citrix ADC due to improper validation of user-supplied input. \n An unauthenticated, remote attacker can exploit this to inject arbitrary content into responses generated\n by the application (CVE-2020-8245).\n\n - A denial of service (DoS) vulnerability exists in Citrix ADC. An unauthenticated, remote attacker can \n exploit this issue, to impose a DoS condition on the application (CVE-2020-8246).\n\n - A privilege escalation vulnerability exists in management interface component. An authenticated, \n remote attacker can exploit this, to gain privileged access to the system (CVE-2020-8247). 
\n\nPlease refer to advisory CTX281474 for more information.", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-09-25T00:00:00", "title": "Citrix ADC and Citrix NetScaler Gateway Multiple Vulnerabilities (CTX281474)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8246", "CVE-2020-8245", "CVE-2020-8247"], "modified": "2020-09-25T00:00:00", "cpe": ["cpe:/h:citrix:netscaler_gateway", "cpe:/h:citrix:netscaler_application_delivery_controller"], "id": "CITRIX_NETSCALER_CTX281474.NASL", "href": "https://www.tenable.com/plugins/nessus/140790", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140790);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n script_cve_id(\"CVE-2020-8245\", \"CVE-2020-8246\", \"CVE-2020-8247\");\n script_xref(name:\"IAVA\", value:\"2020-A-0434\");\n\n script_name(english:\"Citrix ADC and Citrix NetScaler Gateway Multiple Vulnerabilities (CTX281474)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Citrix ADC or Citrix NetScaler Gateway device is version 11.1.x prior to 11.1.65.12, 12.1.x prior to \n12.1.58.15 or 13.0.x prior to 13.0.64.35. It is, therefore, affected by multiple vulnerabilities:\n - A HTML injection vulnerability exists in Citrix ADC due to improper validation of user-supplied input. \n An unauthenticated, remote attacker can exploit this to inject arbitrary content into responses generated\n by the application (CVE-2020-8245).\n\n - A denial of service (DoS) vulnerability exists in Citrix ADC. 
An unauthenticated, remote attacker can \n exploit this issue, to impose a DoS condition on the application (CVE-2020-8246).\n\n - A privilege escalation vulnerability exists in management interface component. An authenticated, \n remote attacker can exploit this, to gain privileged access to the system (CVE-2020-8247). \n\nPlease refer to advisory CTX281474 for more information.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.citrix.com/article/CTX281474\");\n script_set_attribute(attribute:\"solution\", value:\n\"For versions 11.1.x, 12.1.x and 13.0.x, upgrade to 11.1.65.12, 12.1.58.15 and 13.0.64.35, or later, respectively.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8247\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:citrix:netscaler_gateway\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:citrix:netscaler_application_delivery_controller\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"citrix_netscaler_detect.nbin\");\n script_require_keys(\"Host/NetScaler/Detected\");\n\n exit(0);\n}\n\nversion = get_kb_item_or_exit('Host/NetScaler/Version');\nbuild = get_kb_item('Host/NetScaler/Build');\n\ndisplay_version = version + '-' + build;\nversion = version + '.' + build;\nfixed_build = NULL;\n\nif (version =~ '^11\\\\.1' && ver_compare(ver:build, fix:'65.12', strict:FALSE) < 0)\n fixed_build = '11.1-65.12';\n\nif (version =~ '^12\\\\.1' && ver_compare(ver:build, fix:'58.15', strict:FALSE) < 0)\n fixed_build = '12.1-58.15';\n\nif (version =~ '^13\\\\.0' && ver_compare(ver:build, fix:'64.35', strict:FALSE) < 0)\n fixed_build = '13.0-64.35';\n\nif (isnull(fixed_build))\n audit(AUDIT_INST_VER_NOT_VULN, 'Citrix NetScaler', display_version);\n\nreport =\n '\\n Installed version : ' + display_version +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n\nsecurity_report_v4(\n port:0,\n severity:SECURITY_WARNING,\n extra:report\n);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "citrix": [{"lastseen": "2021-01-19T22:28:05", "bulletinFamily": "software", "cvelist": ["CVE-2020-8245", "CVE-2020-8246", "CVE-2020-8247"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<h2> Description of Problem</h2>\n<div>\n<div>\n<div>\n<p>Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. 
These vulnerabilities, if exploited, could result in the following security issues:</p>\n</div>\n<div>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td colspan=\"1\" rowspan=\"1\" width=\"77\"><p><b>CVE ID</b></p> </td>\n<td colspan=\"1\" rowspan=\"1\" width=\"141\"><p><b>Description</b></p> </td>\n<td colspan=\"1\" rowspan=\"1\" width=\"134\"><p><b>Vulnerability Type </b></p> </td>\n<td colspan=\"1\" rowspan=\"1\" width=\"92\"><p><b>Affected Products</b></p> </td>\n<td colspan=\"1\" rowspan=\"1\" width=\"158\"><p><b>Pre-conditions</b></p> </td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\" width=\"77\"><p>CVE-2020-8245</p> </td>\n<td colspan=\"1\" rowspan=\"1\" width=\"141\"><p>An HTML Injection attack against the SSL VPN web portal</p> <p> </p> </td>\n<td colspan=\"1\" rowspan=\"1\" width=\"134\"><p>CWE-79: Improper Neutralization of Input During Web Page Generation</p> </td>\n<td colspan=\"1\" rowspan=\"1\" width=\"92\"><p>Citrix ADC, Citrix Gateway</p> </td>\n<td colspan=\"1\" rowspan=\"1\" width=\"158\"><p>Requires an authenticated victim on the SSL VPN web portal who must open an attacker-controlled link in the browser</p> </td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\" width=\"77\"><p>CVE-2020-8246</p> </td>\n<td colspan=\"1\" rowspan=\"1\" width=\"141\"><p>A denial of service attack originating from the management network</p> <p> </p> </td>\n<td colspan=\"1\" rowspan=\"1\" width=\"134\"><p>CWE-400: Uncontrolled Resource Consumption</p> <p> </p> </td>\n<td colspan=\"1\" rowspan=\"1\" width=\"92\"><p>Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP</p> </td>\n<td colspan=\"1\" rowspan=\"1\" width=\"158\"><p>Unauthenticated attacker with access to the management network</p> </td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\" width=\"77\"><p>CVE-2020-8247</p> </td>\n<td colspan=\"1\" rowspan=\"1\" width=\"141\"><p>Escalation of privileges on the management interface</p> </td>\n<td colspan=\"1\" rowspan=\"1\" width=\"134\"><p>CWE-269: Improper Privilege Management 
</p> </td>\n<td colspan=\"1\" rowspan=\"1\" width=\"92\"><p>Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP </p> </td>\n<td colspan=\"1\" rowspan=\"1\" width=\"158\"><p>An attacker must possess privilege to execute arbitrary commands on the management interface</p> </td>\n</tr>\n</tbody>\n</table>\n</div>\n<div>\n<p>The vulnerabilities are addressed in the following supported versions:</p>\n<ul>\n<li>Citrix ADC and Citrix Gateway 13.0-64.35 and later releases</li>\n<li>Citrix ADC and NetScaler Gateway 12.1-58.15 and later releases</li>\n<li>Citrix ADC 12.1-FIPS 12.1-55.187 and later releases</li>\n<li>Citrix ADC and NetScaler Gateway 11.1-65.12 and later releases</li>\n<li>Citrix SD-WAN WANOP 11.2.1a and later releases</li>\n<li>Citrix SD-WAN WANOP 11.1.2a and later releases</li>\n<li>Citrix SD-WAN WANOP 11.0.3f and later releases</li>\n<li>Citrix SD-WAN WANOP 10.2.7b and later releases</li>\n</ul>\n<p>Customers should note that Citrix ADC and Citrix Gateway 12.0, which has reached End of Maintenance, is impacted by these vulnerabilities. Citrix recommends that customers using this version upgrade to a later version that addresses these issues.</p>\n<p>Additionally, security enhancements to help protect customers against HTTP Request Smuggling attacks have been added to the above versions of Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP. Customers may enable these enhancements using the Citrix ADC management interface. Please see <a href=\"https://support.citrix.com/article/CTX282268\">https://support.citrix.com/article/CTX282268</a> for more information.</p>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Mitigating Factors</h2>\n<div>\n<div>\n<div>\n<p>Two of the three vulnerabilities originate in the management interface of Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP. Citrix strongly recommends that network traffic to the appliance\u2019s management interface is separated, either physically or logically, from normal network traffic. 
Doing so greatly diminishes risk of exploitation. Please see <a href=\"https://docs.citrix.com/en-us/citrix-adc/citrix-adc-secure-deployment/secure-deployment-guide.html\">https://docs.citrix.com/en-us/citrix-adc/citrix-adc-secure-deployment/secure-deployment-guide.html</a> for more information.</p>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> What Customers Should Do</h2>\n<div>\n<div>\n<div>\n<p>Fixed builds have been released for supported versions of Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP. Citrix recommends that affected customers install these updates as soon as their patching schedule permits.</p>\n<p>The latest builds can be downloaded from <a href=\"https://www.citrix.com/downloads/citrix-adc/\">https://www.citrix.com/downloads/citrix-adc/</a>, <a href=\"https://www.citrix.com/downloads/citrix-gateway/\">https://www.citrix.com/downloads/citrix-gateway/</a> and <a href=\"https://www.citrix.com/downloads/citrix-sd-wan/\">https://www.citrix.com/downloads/citrix-sd-wan/</a></p>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Acknowledgements</h2>\n<div>\n<div>\n<div>\n<p>Citrix would like to thank Knud of F-Secure, Arsenii Pustovit of Adversary Emulation team (Royal Bank of Canada), Moritz Bechler of SySS GmbH, Johan Georges from Wisearc Advisors in Sweden, Vasilis Maritsas of EY Consulting, Juan David Ordo\u00f1ez Noriega, member of RedTeam CSIETE and Ricardo Iramar Dos Santos for working with us to protect Citrix customers.</p>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> What Citrix Is Doing</h2>\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. 
This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n<div>\n<p>To receive future security bulletins, customers can update their support notifications at <a href=\"https://support.citrix.com/user/alerts\">https://support.citrix.com/user/alerts</a> or subscribe to the RSS feed at <a href=\"https://support.citrix.com/feeds\">https://support.citrix.com/feeds</a>.</p>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Obtaining Support on This Issue</h2>\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Reporting Security Vulnerabilities</h2>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. 
For details on our vulnerability response process and guidance on how to report security-related issues to Citrix, please see the following webpage: \u2013 <a href=\"https://www.citrix.com/about/trust-center/vulnerability-process.html\">https://www.citrix.com/about/trust-center/vulnerability-process.html</a></p>\n</div>\n</div>\n</div>\n</div>\n<div>\n<h2> Changelog</h2>\n<div>\n<div>\n<div>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">Date </td>\n<td colspan=\"1\" rowspan=\"1\">Change</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">2020-09-17</td>\n<td colspan=\"1\" rowspan=\"1\">Initial Publication</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">2020-09-18</td>\n<td colspan=\"1\" rowspan=\"1\">Clarification on version 12.0</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n</div>\n</div></div>\n</section>", "modified": "2020-09-18T04:00:00", "published": "2020-11-09T09:09:02", "id": "CTX281474", "href": "https://support.citrix.com/article/CTX281474", "type": "citrix", "title": "Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}