Description of Problem
在Citrix ADC(以前称为NetScaler ADC),Citrix网关(以前称为NetScaler Gateway)和Citrix SD-WAN WANOP设备模型4000-WO,4100-WO,5000-WO和5100-WO中发现了多个漏洞。 如果利用这些漏洞,可能会导致以下安全问题:
| CVE ID | Description | Vulnerability Type | Affected Products | Pre-conditions |
| CVE-2020-8245 | 针对SSL VPN网站门户的HTML注入攻击 | CWE-79: Improper Neutralization of Input During Web Page Generation | Citrix ADC, Citrix Gateway | Requires an authenticated victim on the SSL VPN web portal who must open an attacker-controlled link in the browser |
| CVE-2020-8246 | 来自管理网络的拒绝服务攻击 | CWE-400: Uncontrolled Resource Consumption | Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP | Unauthenticated attacker with access to the management network |
| CVE-2020-8247 | 提升管理界面上的权限 | CWE-269: Improper Privilege Management | Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP | An attacker must possess privilege to execute arbitrary commands on the management interface |
在以下受支持的版本中解决了该漏洞:
- Citrix ADC and Citrix Gateway 13.0-64.35 and later releases
- Citrix ADC and NetScaler Gateway 12.1-58.15 and later releases
- Citrix ADC 12.1-FIPS 12.1-55.187 and later releases
- Citrix ADC and NetScaler Gateway 11.1-65.12 and later releases
- Citrix SD-WAN WANOP 11.2.1a and later releases
- Citrix SD-WAN WANOP 11.1.2a and later releases
- Citrix SD-WAN WANOP 11.0.3f and later releases
- Citrix SD-WAN WANOP 10.2.7b and later releases
客户应该注意到,Citrix ADC和Citrix Gateway 12.0(已结束维护)受到这些漏洞的影响。Citrix建议使用此版本的客户升级到解决这些问题的更高版本。
此外,以上版本的Citrix ADC,Citrix网关和Citrix SD-WAN WANOP中已添加了安全增强功能,以帮助保护客户免受HTTP Request Smuggling攻击。 客户可以使用Citrix ADC管理界面启用这些增强功能。 有关更多信息,请参阅https://support.citrix.com/article/CTX282268。
提取码: x17i