Multiple Vulnerabilities Discovered in Citrix ADC, Gateway & SD-WAN WANOP Appliances

by Daniel Ruiz
Senior Solutions Architect

Multiple vulnerabilities have been discovered in Citrix ADC (NetScaler), Citrix Gateway (NetScaler Gateway) and Citrix SD-WAN WANOP appliances.

Citrix strongly recommends that affected customers install the relevant updates as soon as possible. If exploited, these vulnerabilities could result in the following security issues.

Vulnerabilities:

  • CVE-2020-8299 – Network-based denial-of-service from within the same Layer 2 network segment
  • CVE-2020-8300 – SAML authentication hijack through a phishing attack to steal a valid user session

Affected by CVE-2020-8299 (Medium severity vulnerability)

  • Citrix ADC and Citrix Gateway 13.0 before 13.0-76.29
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-61.18
  • Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.20
  • Citrix ADC 12.1-FIPS before 12.1-55.238
  • Citrix SD-WAN WANOP 11.4 before 11.4.0
  • Citrix SD-WAN WANOP 11.3 before 11.3.2
  • Citrix SD-WAN WANOP 11.3 before 11.3.1a
  • Citrix SD-WAN WANOP 11.2 before 11.2.3a
  • Citrix SD-WAN WANOP 11.1 before 11.1.2c
  • Citrix SD-WAN WANOP 10.2 before 10.2.9a

Affected by CVE-2020-8300 (High severity vulnerability)

  • Citrix ADC and Citrix Gateway 13.0 before 13.0-82.41
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-62.23
  • Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.20
  • Citrix ADC 12.1-FIPS before 12.1-55.238

Fix to address CVE-2020-8299 (Medium severity vulnerability)

Upgrade firmware to the following versions:

  • Citrix ADC and Citrix Gateway 13.0-76.29 and later releases of 13.0
  • Citrix ADC and Citrix Gateway 12.1-61.18 and later releases of 12.1
  • Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1
  • Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS
  • Citrix SD-WAN WANOP 11.4.0 and later releases of 11.4
  • Citrix SD-WAN WANOP 11.3.2 and later releases of 11.3
  • Citrix SD-WAN WANOP 11.3.1a and later releases of 11.3
  • Citrix SD-WAN WANOP 11.2.3a and later releases of 11.2
  • Citrix SD-WAN WANOP 11.1.2c and later releases of 11.1
  • Citrix SD-WAN WANOP 10.2.9a and later releases of 10.2

Fix to address CVE-2020-8300 (High severity vulnerability)

Upgrade firmware to the following versions:

  • Citrix ADC and Citrix Gateway 13.0-82.41 and later releases of 13.0
  • Citrix ADC and NetScaler Gateway 12.1-62.23 and later releases of 12.1
  • Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1
  • Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS
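Because the two CVEs have different fixed builds on the 13.0 and 12.1 branches, an appliance can be patched for one and still exposed to the other. The following Python is an added example, not Citrix or Helient code, that checks ADC and Gateway builds against the lists above; the function name, the `fips` inventory flag and the sample hosts are assumptions, and SD-WAN WANOP is not covered.

```python
import re

# Fixed builds per ADC/Gateway branch, copied from the lists in this advisory.
FIXED = {
    "CVE-2020-8299": {"13.0": (76, 29), "12.1": (61, 18),
                      "11.1": (65, 20), "12.1-FIPS": (55, 238)},
    "CVE-2020-8300": {"13.0": (82, 41), "12.1": (62, 23),
                      "11.1": (65, 20), "12.1-FIPS": (55, 238)},
}
_VERSION = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def triage(version, fips=False):
    """Return the advisory's CVEs still unpatched on a 'release-build' string.

    `fips` is an assumed inventory flag selecting the separate 12.1-FIPS branch.
    Returns None when the branch is not listed, since the advisory says
    nothing about it.
    """
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    branch = m.group(1) + ("-FIPS" if fips else "")
    # Compare builds as integer pairs: 55.36 is older than 55.238,
    # which a float or string comparison would get wrong.
    build = (int(m.group(2)), int(m.group(3)))
    if not any(branch in fixed for fixed in FIXED.values()):
        return None
    return sorted(cve for cve, fixed in FIXED.items()
                  if branch in fixed and build < fixed[branch])


# Constructed inventory (hostnames and builds are made up for illustration).
INVENTORY = [
    ("adc-dmz-01", "13.0-76.29", False),   # patched for 8299 only
    ("adc-dmz-02", "13.0-82.41", False),   # patched for both
    ("adc-fips-01", "12.1-55.36", True),   # FIPS branch, below 55.238
    ("adc-lab-01", "10.5-70.12", False),   # branch not in the advisory
]

if __name__ == "__main__":
    for host, version, fips in INVENTORY:
        result = triage(version, fips)
        status = "branch not listed" if result is None else (", ".join(result) or "patched")
        print(f"{host:12} {version:12} {status}")
```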

If you would like more information or assistance from our industry-leading team of Citrix experts to plan and execute the upgrade, please contact us at service@helient.com.