Advisory for Citrix Security Update

- NIC-CERT/2022-02/185
- Date: 2022-04-13
- CVE ID: Multiple
- Severity: High
Description:
Several security issues have been discovered in Citrix that may allow an attacker to take control of the affected system.
Security Issues Fixed:
Vulnerabilities have been discovered in Citrix Endpoint Management (XenMobile Server) which, collectively, may allow a XenMobile console user with either an admin role or a custom role that has 'Create Support Bundles' enabled to gain root access to the underlying OS.

A vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows). If exploited, this issue would allow an adversary who has gained local access to a computer with Citrix Gateway Plug-in installed to corrupt or delete files as SYSTEM.
Affected Products and Solution:
Refer to the table below to identify the affected products and the preconditions for each vulnerability:
| CVE-ID | Description | CWE | Affected Products | Pre-conditions |
|---|---|---|---|---|
| CVE-2022-27505 | Reflected cross-site scripting (XSS) | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Citrix SD-WAN Standard/Premium Edition Appliance | Victim user must have a current session on the vulnerable device. |
| CVE-2022-27506 | Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI | CWE-798: Use of Hard-coded Credentials | Citrix SD-WAN Center Management Console, Citrix SD-WAN Standard/Premium Edition Appliance, and Citrix SD-WAN Orchestrator for On-Premises | Admin access to SD-WAN CLI |
| CVE-2022-27503 | Reflected cross-site scripting (XSS) | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Citrix StoreFront 1912 LTSR up to and including CU4 (1912.0.4000); Citrix StoreFront 3.12 for 7.15 LTSR up to and including CU8 (3.12.8000) | A victim user must have a current session on a StoreFront that has been configured to use SAML authentication. |
| CVE-2021-44519 | Unauthorized access to the underlying OS | CWE-284: Improper Access Control | XenMobile Server 10.14.0 before rolling patch 4; XenMobile Server 10.13.0 before rolling patch 7 | A XenMobile console user must have either an admin role or a custom role that has 'Create Support Bundles' enabled. These permissions can only be assigned by an admin user. |
| CVE-2021-44520 | Unauthorized root access to the underlying OS | CWE-284: Improper Access Control | XenMobile Server 10.14.0 before rolling patch 4; XenMobile Server 10.13.0 before rolling patch 7 | Access to the underlying OS |
| CVE-2022-26151 | Unauthorized root access to the underlying OS | CWE-20: Improper Input Validation | XenMobile Server 10.14.0 before rolling patch 5; XenMobile Server 10.13.0 before rolling patch 8 | Admin access to XenMobile Server CLI |
| CVE-2022-21827 | Arbitrary corruption or deletion of files as SYSTEM | CWE-284: Improper Access Control | Citrix Gateway Plug-in for Windows versions before 21.9.1.2 | Local access to a machine that has the vulnerable plug-in installed |
Please go through the Citrix Knowledge Base article listed in the reference section and apply the patches and mitigations it describes.
Reference:
https://support.citrix.com/article/CTX341455