Advisory for Citrix Security Update

  • NIC-CERT/2022-02/185
  • Date: 2022-04-13
  • CVE ID: Multiple
  • Severity: High

Description:

Several security issues have been discovered in Citrix products that may allow an attacker to take control of the affected system.

Security Issues Fixed:

Vulnerabilities have been discovered in Citrix Endpoint Management (XenMobile Server) which, collectively, may allow a XenMobile console user with either an admin role or a custom role that has ‘Create Support Bundles’ enabled to gain root access to the underlying OS.

A vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows). If exploited, this issue would allow an adversary who has gained local access to a computer with Citrix Gateway Plug-in installed to corrupt or delete files as SYSTEM.

Affected Products and Solution:

Refer to the entries below (CVE-ID, Description, CWE, Affected Products, Pre-conditions) to fix these vulnerabilities:

CVE-2022-27505

  • Description: Reflected cross-site scripting (XSS)
  • CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Affected Products: Citrix SD-WAN Standard/Premium Edition Appliance
  • Pre-conditions: Victim user must have a current session on the vulnerable device.

CVE-2022-27506

  • Description: Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI
  • CWE: CWE-798: Use of Hard-coded Credentials
  • Affected Products: Citrix SD-WAN Center Management Console, Citrix SD-WAN Standard/Premium Edition Appliance, and Citrix SD-WAN Orchestrator for On-Premises
  • Pre-conditions: Admin access to SD-WAN CLI

CVE-2022-27503

  • Description: Reflected cross-site scripting (XSS)
  • CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Affected Products: Citrix StoreFront 1912 LTSR up to and including CU4 (1912.0.4000); Citrix StoreFront 3.12 for 7.15 LTSR up to and including CU8 (3.12.8000)
  • Pre-conditions: A victim user must have a current session on a StoreFront that has been configured to use SAML authentication.

CVE-2021-44519

  • Description: Unauthorized access to the underlying OS
  • CWE: CWE-284: Improper Access Control
  • Affected Products: XenMobile Server 10.14.0 before rolling patch 4; XenMobile Server 10.13.0 before rolling patch 7
  • Pre-conditions: A XenMobile console user must have either an admin role or a custom role that has ‘Create Support Bundles’ enabled. These permissions can only be assigned by an admin user.

CVE-2021-44520

  • Description: Unauthorized root access to the underlying OS
  • CWE: CWE-284: Improper Access Control
  • Affected Products: XenMobile Server 10.14.0 before rolling patch 4; XenMobile Server 10.13.0 before rolling patch 7
  • Pre-conditions: Access to the underlying OS

CVE-2022-26151

  • Description: Unauthorized root access to the underlying OS
  • CWE: CWE-20: Improper Input Validation
  • Affected Products: XenMobile Server 10.14.0 before rolling patch 5; XenMobile Server 10.13.0 before rolling patch 8
  • Pre-conditions: Admin access to XenMobile Server CLI

CVE-2022-21827

  • Description: Arbitrary corruption or deletion of files as SYSTEM
  • CWE: CWE-284: Improper Access Control
  • Affected Products: Citrix Gateway Plug-in for Windows versions before 21.9.1.2
  • Pre-conditions: Local access to a machine that has the vulnerable plug-in installed


Please go through the Citrix Knowledge Base article listed in the Reference section and apply the patches and mitigations it describes.

Reference:

https://support.citrix.com/article/CTX341455