
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update

Multiple vulnerabilities have been found in Citrix ADC (formerly NetScaler ADC), Citrix Gateway (formerly NetScaler Gateway), and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO and 5100-WO.

If exploited, these vulnerabilities could result in the following security issues:

| CVE-ID | Description | CWE | Affected Products | Pre-conditions |
|---|---|---|---|---|
| CVE-2020-8299 | Network-based denial-of-service from within the same Layer 2 network segment | CWE-400: Uncontrolled Resource Consumption | Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP | The attacker machine must be in the same Layer 2 network segment as the vulnerable appliance |
| CVE-2020-8300 | SAML authentication hijack through a phishing attack to steal a valid user session | CWE-284: Improper access control | Citrix ADC, Citrix Gateway | Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP |

The following supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP address CVE-2020-8299, a Medium severity vulnerability.

  • Citrix ADC and Citrix Gateway 13.0-76.29 and later releases of 13.0
  • Citrix ADC and Citrix Gateway 12.1-61.18 and later releases of 12.1
  • Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1
  • Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS
  • Citrix SD-WAN WANOP 11.4.0 and later releases of 11.4
  • Citrix SD-WAN WANOP 11.3.2 and later releases of 11.3
  • Citrix SD-WAN WANOP 11.3.1a and later releases of 11.3
  • Citrix SD-WAN WANOP 11.2.3a and later releases of 11.2
  • Citrix SD-WAN WANOP 11.1.2c and later releases of 11.1
  • Citrix SD-WAN WANOP 10.2.9a and later releases of 10.2

 

The following supported versions of Citrix ADC and Citrix Gateway address CVE-2020-8300, a High severity vulnerability.

  • Citrix ADC and Citrix Gateway 13.0-82.41 and later releases of 13.0
  • Citrix ADC and NetScaler Gateway ADC 12.1-62.23 and later releases of 12.1
  • Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1
  • Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS

In addition, after upgrading your appliance to a stable version, you can resolve the CVE-2020-8300 issue by configuring the appliance according to the Configuration Reference Guide below.

https://support.citrix.com/article/CTX316577
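
To check an inventory of Citrix ADC and Citrix Gateway builds against the two fixed-version lists above, the following added example (not part of the Citrix advisory or the original post) compares a version string with the minimum fixed build for its branch. The function names, the `fips` flag and the banner-style input format are assumptions made for this example, and SD-WAN WANOP versions are not covered.

```python
import re

# Minimum fixed builds per release branch, copied from the two lists above
# (Citrix ADC / Gateway only; SD-WAN WANOP versions are not covered here).
FIXED = {
    "CVE-2020-8299": {"13.0": (76, 29), "12.1": (61, 18),
                      "11.1": (65, 20), "12.1-FIPS": (55, 238)},
    "CVE-2020-8300": {"13.0": (82, 41), "12.1": (62, 23),
                      "11.1": (65, 20), "12.1-FIPS": (55, 238)},
}

# Accepts the advisory's "13.0-76.29" notation or a banner-style
# "NS13.0: Build 76.29.nc" string (banner format is an assumption).
_BUILD = re.compile(r"(\d+\.\d+)(?:-|:?\s*Build\s+)(\d+)\.(\d+)", re.IGNORECASE)


def parse_build(text, fips=False):
    """Return (branch, (major_build, minor_build)) for a version string."""
    m = _BUILD.search(text)
    if m is None:
        raise ValueError("unrecognised version string: %r" % text)
    # FIPS builds are numbered separately, so they need their own branch key.
    branch = m.group(1) + ("-FIPS" if fips else "")
    return branch, (int(m.group(2)), int(m.group(3)))


def assess(text, fips=False):
    """Map each CVE to 'fixed-build', 'vulnerable' or 'unlisted-branch'."""
    branch, build = parse_build(text, fips)
    status = {}
    for cve, minimums in FIXED.items():
        if branch not in minimums:
            # No fixed build is listed for this branch in the advisory.
            status[cve] = "unlisted-branch"
        elif build >= minimums[branch]:
            # For CVE-2020-8300 the CTX316577 configuration is still required.
            status[cve] = "fixed-build"
        else:
            status[cve] = "vulnerable"
    return status


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real appliance.
    for sample, fips in [("13.0-76.29", False), ("12.1-55.238", True),
                         ("NetScaler NS12.1: Build 60.19.nc", False)]:
        print(sample, fips, assess(sample, fips))
```

A FIPS build such as 12.1-55.238 must be checked with `fips=True`; compared against the regular 12.1 branch it would be reported as vulnerable.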

More detailed information about the vulnerability is available at the following link:

https://support.citrix.com/article/CTX297155
