Multiple vulnerabilities have been identified in Citrix ADC (formerly NetScaler ADC), Citrix Gateway (formerly NetScaler Gateway) and the Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO and 5100-WO.
If exploited, these vulnerabilities could result in the following security issues:
| CVE-ID | Description | CWE | Affected Products | Pre-conditions |
|---|---|---|---|---|
| CVE-2020-8299 | Network-based denial of service from within the same Layer 2 network segment | CWE-400: Uncontrolled Resource Consumption | Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP | The attacker machine must be in the same Layer 2 network segment as the vulnerable appliance |
| CVE-2020-8300 | SAML authentication hijack through a phishing attack to steal a valid user session | CWE-284: Improper Access Control | Citrix ADC, Citrix Gateway | Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP |
The following supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP address CVE-2020-8299, a Medium-severity vulnerability:
- Citrix ADC and Citrix Gateway 13.0-76.29 and later releases of 13.0
- Citrix ADC and Citrix Gateway 12.1-61.18 and later releases of 12.1
- Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1
- Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS
- Citrix SD-WAN WANOP 11.4.0 and later releases of 11.4
- Citrix SD-WAN WANOP 11.3.2 and later releases of 11.3
- Citrix SD-WAN WANOP 11.3.1a and later releases of 11.3
- Citrix SD-WAN WANOP 11.2.3a and later releases of 11.2
- Citrix SD-WAN WANOP 11.1.2c and later releases of 11.1
- Citrix SD-WAN WANOP 10.2.9a and later releases of 10.2
The following supported versions of Citrix ADC and Citrix Gateway address CVE-2020-8300, a High-severity vulnerability:
- Citrix ADC and Citrix Gateway 13.0-82.41 and later releases of 13.0
- Citrix ADC and Citrix Gateway 12.1-62.23 and later releases of 12.1
- Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1
- Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS
Note that upgrading to a fixed build is not sufficient on its own for CVE-2020-8300: after the upgrade, the appliance configuration must also be updated as described in the Configuration Reference Guide below.
https://support.citrix.com/article/CTX316577
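As an added illustration that is not part of the original advisory, the following Python script compares the build reported by `show ns version` against the fixed builds listed above for each CVE, applies the SAML pre-condition for CVE-2020-8300, and flags that a fixed build still needs the CTX316577 configuration step. The banner format matched by the regular expression and the sample output are assumptions; the FIPS train is passed in by the caller because the banner alone does not identify it.

```python
import re
from typing import Dict, Optional, Tuple

Build = Tuple[int, int]

# Minimum fixed builds per release train, transcribed from the fixed-version
# lists in the advisory above (ADC / Gateway trains only; SD-WAN WANOP uses
# a different version scheme and is not covered by this check).
FIXED_BUILDS: Dict[str, Dict[str, Build]] = {
    "CVE-2020-8299": {
        "13.0": (76, 29),
        "12.1": (61, 18),
        "11.1": (65, 20),
        "12.1-FIPS": (55, 238),
    },
    "CVE-2020-8300": {
        "13.0": (82, 41),
        "12.1": (62, 23),
        "11.1": (65, 20),
        "12.1-FIPS": (55, 238),
    },
}

# Assumed banner line printed by `show ns version`, e.g.
#   "NetScaler NS13.0: Build 76.29.nc, Date: ..."
# The pattern does not distinguish FIPS builds; the caller supplies that.
VERSION_RE = re.compile(
    r"NetScaler NS(?P<train>\d+\.\d+): Build (?P<major>\d+)\.(?P<minor>\d+)"
)


def parse_ns_version(output: str, fips: bool = False) -> Optional[Tuple[str, Build]]:
    """Return (release train, (major, minor) build), or None if no banner is found."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    train = m.group("train") + ("-FIPS" if fips else "")
    return train, (int(m.group("major")), int(m.group("minor")))


def status_for(cve: str, train: str, build: Build, saml_configured: bool) -> str:
    """Classify one CVE for the given train/build, using only the advisory's data."""
    fixed = FIXED_BUILDS[cve].get(train)
    if fixed is None:
        # A train the advisory's fixed-version lists do not mention: do not guess.
        return "UNKNOWN_TRAIN"
    if cve == "CVE-2020-8300" and not saml_configured:
        # Advisory pre-condition: appliance must be a SAML SP or IdP.
        # Exposure depends on configuration; upgrading is still advisable.
        return "PRECONDITION_NOT_MET"
    if build < fixed:  # tuple comparison: (61, 19) < (62, 23)
        return "VULNERABLE"
    if cve == "CVE-2020-8300":
        # The fixed build alone is not enough; CTX316577 config changes are required.
        return "FIXED_BUILD_CONFIG_REQUIRED"
    return "FIXED"


def assess(show_ns_version_output: str, saml_configured: bool, fips: bool = False) -> Dict[str, str]:
    """Map each CVE in the advisory to a status for the appliance that produced the output."""
    parsed = parse_ns_version(show_ns_version_output, fips)
    if parsed is None:
        raise ValueError("no 'NetScaler NS<train>: Build <build>' banner found in output")
    train, build = parsed
    return {cve: status_for(cve, train, build, saml_configured) for cve in FIXED_BUILDS}


if __name__ == "__main__":
    # Constructed sample banner, not captured from a real appliance.
    SAMPLE = " NetScaler NS12.1: Build 61.19.nc, Date: Jan 1 2021, 00:00:00   (64-bit)\n Done\n"
    for cve, status in assess(SAMPLE, saml_configured=True).items():
        print(f"{cve}: {status}")
```

The sample build 12.1-61.19 is a useful edge case: it satisfies the CVE-2020-8299 threshold (12.1-61.18) but not the CVE-2020-8300 threshold (12.1-62.23), so the two CVEs must be evaluated against their own fixed-version lists rather than a single "latest build" check.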
More detailed information about these vulnerabilities is available at the following link: