Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update

Description of Problem

在Citrix ADC(以前称为NetScaler ADC),Citrix网关(以前称为NetScaler Gateway)和Citrix SD-WAN WANOP设备模型4000-WO,4100-WO,5000-WO和5100-WO中发现了多个漏洞。 如果利用这些漏洞,可能会导致以下安全问题:

CVE IDDescriptionVulnerability TypeAffected ProductsPre-conditions
CVE-2020-8245针对SSL VPN网站门户的HTML注入攻击CWE-79: Improper Neutralization of Input During Web Page GenerationCitrix ADC, Citrix GatewayRequires an authenticated victim on the SSL VPN web portal who must open an attacker-controlled link in the browser
CVE-2020-8246来自管理网络的拒绝服务攻击CWE-400: Uncontrolled Resource Consumption Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OPUnauthenticated attacker with access to the management network
CVE-2020-8247提升管理界面上的权限CWE-269: Improper Privilege ManagementCitrix ADC, Citrix Gateway, Citrix SDWAN WAN-OPAn attacker must possess privilege to execute arbitrary commands on the management interface

在以下受支持的版本中解决了该漏洞:

  • Citrix ADC and Citrix Gateway 13.0-64.35 and later releases
  • Citrix ADC and NetScaler Gateway 12.1-58.15 and later releases
  • Citrix ADC 12.1-FIPS 12.1-55.187 and later releases
  • Citrix ADC and NetScaler Gateway 11.1-65.12 and later releases
  • Citrix SD-WAN WANOP 11.2.1a and later releases
  • Citrix SD-WAN WANOP 11.1.2a and later releases
  • Citrix SD-WAN WANOP 11.0.3f and later releases
  • Citrix SD-WAN WANOP 10.2.7b and later releases

客户应该注意到,Citrix ADC和Citrix Gateway 12.0(已结束维护)受到这些漏洞的影响。Citrix建议使用此版本的客户升级到解决这些问题的更高版本。

此外,以上版本的Citrix ADC,Citrix网关和Citrix SD-WAN WANOP中已添加了安全增强功能,以帮助保护客户免受HTTP Request Smuggling攻击。 客户可以使用Citrix ADC管理界面启用这些增强功能。 有关更多信息,请参阅https://support.citrix.com/article/CTX282268。

提取码: x17i

暂无评论

发送评论 编辑评论


				
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
颜文字
Emoji
小恐龙
花!
上一篇
下一篇