Security News > 2020 > July > Citrix tells everyone not to worry too much about its latest security patches. NSA's former top hacker disagrees

Citrix tells everyone not to worry too much about its latest security patches. NSA's former top hacker disagrees
2020-07-08 10:55

Citrix has issued patches for 11 CVE-listed security vulnerabilities in its various networking products.

Affected gear includes the Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP. So far there have been no reports of any of the bugs being targeted in the wild, though Rob Joyce, former head of the NSA's Tailored Access Operations elite hacking team, urged admins to apply the patches - right after fixes emerged for vulns in F5 and Palo Alto networking gear, too.

Those who rely on Linux PCs will want to check out CVE-2020-8199, a flaw in the Citrix Gateway Plugin for Linux that can be exploited by a rogue user or malware already on the system to elevate its privileges and cause more damage.

That is a denial-of-service flaw in Citrix ADC and Citrix Gateway 12.0 or 11.1.

Looking to avoid a repeat of the Christmas security crisis, when a remote code execution bug was disclosed in ADC and Gateway, Citrix made a point of trying to calm the nerves of admins by bringing out CISO Fermin Serna to explain that none of the bugs are as serious, or as easily exploited, as the infamous CVE-2019-19781 "Shitrix" vulnerability in December.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/07/08/citrix_eleven_patches/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-07-10 CVE-2020-8199 Unspecified vulnerability in Citrix Gateway Plug-In for Linux
Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root.
local
low complexity
citrix
7.8
2019-12-27 CVE-2019-19781 Path Traversal vulnerability in Citrix products
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0.
network
low complexity
citrix CWE-22
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 66 2 64 101 46 213