Description of Problem
Multiple vulnerabilities have been discovered in Citrix SD-WAN Center that, if exploited, could allow an unauthenticated attacker with network access to SD-WAN Center to perform arbitrary code execution as root.
These vulnerabilities have the following identifiers:
CVE | Description | Vulnerability Type | Pre-conditions |
CVE-2020-8271 | Unauthenticated remote code execution with root privileges | CWE-23: Path Traversal | An attacker must be able to communicate with SD-WAN Center’s Management IP/FQDN |
CVE-2020-8272 | Authentication Bypass resulting in exposure of SD-WAN functionality | CWE-287: Improper Authentication | An attacker must be able to communicate with SD-WAN Center’s Management IP/FQDN |
CVE-2020-8273 | Privilege escalation of an authenticated user to root | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‹OS Command Injection›) | The attacker must be an authenticated user on SD-WAN Center |
The following supported versions of Citrix SD-WAN Center are affected by these issues:
- Citrix SD-WAN 11.2 before 11.2.2
- Citrix SD-WAN 11.1 before 11.1.2b
- Citrix SD-WAN 10.2 before 10.2.8
Other versions are now End of Life and no longer supported.
Mitigating Factors
Citrix SD-WAN Center is an internal management platform for Citrix SD-WAN and access to Citrix SD-WAN Center is likely to be restricted.
What Customers Should Do
The issues have been addressed in the following versions of Citrix SD-WAN Center:
- Citrix SD-WAN 11.2.2 and later versions of Citrix SD-WAN 11.2
- Citrix SD-WAN 11.1.2b and later versions of Citrix SD-WAN 11.1
- Citrix SD-WAN 10.2.8 and later versions of Citrix SD-WAN 10.2
Affected customers are strongly recommended to immediately update their deployments.
The latest versions of Citrix SD-WAN Center are available at: https://www.citrix.com/en-gb/downloads/citrix-sd-wan/
Acknowledgements
Citrix would like to thank Ariel Tempelhof of Realmode Labs for working with us to protect Citrix customers.
What Citrix Is Doing
Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/.
Obtaining Support on This Issue
If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.html.
Reporting Security Vulnerabilities
Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the Citrix Trust Center at https://www.citrix.com/about/trust-center/vulnerability-process.html