Sarenka - OSINT Tool - Data From Services Like Shodan, Censys Etc. In One Place
2021-01-07T11:30:02
ID KITPLOIT:491559930238488010 Type kitploit Reporter KitPloit Modified 2021-01-07T11:30:02
Description

> SARENKA is an Open Source Intelligence (OSINT) tool which helps you obtain and understand the Attack Surface.

The main goal is to gather information from search engines for Internet-connected devices (https://censys.io/, https://www.shodan.io/). It scrapes data about Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE), and also has a database where CVEs are mapped to CWEs.

It returns data about the local machine: locally installed software (from the Windows Registry) and local network information (Python libraries, popular cmd commands).

For now the application also has simple tools such as a hash calculator, a Shannon entropy calculator and a very simple port scanner. More cryptography-math tools and reconnaissance scripts are planned.

**Relation between CWE and CVE - sarenka data feeder**

Generating this file takes a long time, e.g. 702.5641514

**all CWE Ids with description**

https://raw.githubusercontent.com/pawlaczyk/sarenka_tools/master/cwe_all.json

**all CVE Ids with description**

In progress

**get all CVE Ids by CWE Id**

In progress

**Installation**

Description in progress

**Getting started**

Description in progress. Sarenka is a local web application for Windows.

**Config**

The first release gathers data from two search engines. Example sarenka/backend/connectors/credentials.json:

    {
        "censys": {
            "base_url": "https://censys.io/",
            "API_ID": "<my_user>",
            "Secret": "<my_api_key>",
            "API_URL": "https://censys.io/api/v1"
        },
        "shodan": {
            "base_url": "https://www.shodan.io/",
            "user": "<my_user>",
            "api_key": "<my_api_key>"
        }
    }

**Features**

 * get data from https://censys.io/ by IP
 * get data from https://www.shodan.io/ by IP
 * get **DNS** data
 * get **WHOIS** data
 * **banner** grabbing
 * find **CVEs** by **CWE**
 * generate PDF report

You can also:

 * calculate **hashes** based on a user string
 * calculate **Shannon entropy** based on a user string
 * check whether a **port** is open|closed (always use nmap instead if you can - it's slow)

**Database**

This is the tricky part, because we have 863 sqlite3 database files: default, CWE-NONE (some CVEs have no cwe_id, e.g. CVE-2013-3621) and 861 individual files for CWEs.

**Tech**

Description in progress.

SARENKA uses a number of open source projects to work properly:

 * [Renderforest](https://www.renderforest.com/) - logo generator
 * [gawk](http://gnuwin32.sourceforge.net/packages/gawk.htm) - python manage.py migrate --database CWE_ID
 * [chocolatey](https://chocolatey.org/)
 * [PyCharm](https://www.jetbrains.com/pycharm/) - Community Edition
 * [Technology](https://github.com/pawlaczyk/sarenka/blob/master/url_address) - description

And of course SARENKA itself is open source with a [public repository](https://github.com/pawlaczyk/sarenka) on GitHub.

**Planned features**

 * Rewrite documentation in English (end of 2021)
 * Trello/GitHub instead of Jira
 * Cover 100% of the code with tests
 * typing backend
 * document all functions and classes
 * Docker
 * online demo
 * Jenkins
 * GraphQL
 * Selenium Scrapers
 * More pentesting tools
 * Google Dorks
 * Abstract Algebra calculator
 * Number Theory calculator
 * Server certificate validator
 * tests on Linux
 * NLP
 * d3js visualizations
 * alternative pure version in command line

**CI/CD Tools**

 * https://circleci.com/
 * https://github.com/snyk-bot

**Tests**

 * Tested on Windows 10
 * Tested on Kali Linux kali-rolling 2020.2

**Documentation**

Until the end of March 2021 the documentation will be available only in Polish! The documentation is available [here](https://pawlaczyk.github.io/sarenka/).

**[Download Sarenka](https://github.com/pawlaczyk/sarenka)**

Source: http://www.kitploit.com/2021/01/sarenka-osint-tool-data-from-services.html