Newly Announced Vulnerabilities for Citrix ADC, Gateway & SD-WAN WANOP Edition

by Richard Charlton
Senior Systems Engineer

Updated September 20, 2020: Citrix released an update with a clarification! “Customers should note that Citrix ADC and Citrix Gateway 12.0, which has reached End of Maintenance, is impacted by these vulnerabilities. Citrix recommends that customers using this version upgrade to a later version that addresses these issues.”

On Thursday September 17th, Citrix announced three new vulnerabilities affecting the following products:

• Citrix ADC (formerly NetScaler ADC)
• Citrix Gateway (formerly NetScaler Gateway)
• Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO

The three vulnerabilities, affecting all three products are:

• CVE-2020-8245 – HTML Injection attack against the SSL VPN web portal that allows improper neutralization of input during web page generation if an authenticated victim opens a malicious link in the web browser (this does not impact SD-WAN WANOP appliances)
• CVE-2020-8246 – A denial of service attack can cause uncontrolled resource utilization when launched from the management network
• CVE-2020-8247 – An escalation of privileges on the management interfaces if an attacker can authenticate

In order to address the vulnerabilities, customers are advised to upgrade to the following versions as soon as possible:

• Citrix ADC and Citrix Gateway 13.0-64.35 and later releases
• Citrix ADC and NetScaler Gateway 12.1-58.15 and later releases
• Citrix ADC 12.1-FIPS 12.1-55.187 and later releases
• Citrix ADC and NetScaler Gateway 11.1-65.12 and later releases
• Citrix SD-WAN WANOP 11.2.1a and later releases
• Citrix SD-WAN WANOP 11.1.2a and later releases
• Citrix SD-WAN WANOP 11.0.3f and later releases
• Citrix SD-WAN WANOP 10.2.7b and later releases

Citrix also advises that additional enhancements in these releases will protect against HTTP Request Smuggling attacks.

Full details of the vulnerabilities may be found at https://support.citrix.com/article/CTX281474.

Additional details for enabling the new HTTP Request Smuggling mitigations may be found in https://support.citrix.com/article/CTX282268.

If you would like more information or assistance from Helient’s industry-leading team of Citrix experts to plan and execute the upgrade, please contact us at service@helient.com.