Citrix ADVISORY:
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update

Connect with us at
www.Cornerstone.IT/contact for the latest updates.

Citrix has announced multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO.

Please install updates to remediate.

Ask us how we can help secure your environment with the top 10-12 security enhancements every firm should have.  #ITCornerView


Description of Problem

Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in the following security issues:

CVE IDDescriptionVulnerability TypeAffected ProductsPre-conditions
CVE-2020-8245An HTML Injection attack against the SSL VPN web portal CWE-79: Improper Neutralization of Input During Web Page GenerationCitrix ADC, Citrix GatewayRequires an authenticated victim on the SSL VPN web portal who must open an attacker-controlled link in the browser
CVE-2020-8246A denial of service attack originating from the management network CWE-400: Uncontrolled Resource Consumption Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OPUnauthenticated attacker with access to the management network
CVE-2020-8247Escalation of privileges on the management interfaceCWE-269: Improper Privilege ManagementCitrix ADC, Citrix Gateway, Citrix SDWAN WAN-OPAn attacker must possess privilege to execute arbitrary commands on the management interface

#Security

#Citrix Alerts

#Citrix ADC

Cornerstone.IT