June 15, 2021
Urgency/Severity: HIGH
Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO.
These vulnerabilities, if exploited, could result in the following security issues:
| CVE-ID | Description | CWE | Affected Products | Pre-conditions |
|---|---|---|---|---|
| CVE-2020-8299 | Network-based denial-of-service from within the same Layer 2 network segment | CWE-400: Uncontrolled Resource Consumption | Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition | The attacker machine must be in the same Layer 2 network segment as the vulnerable appliance |
| CVE-2020-8300 | SAML authentication hijack through a phishing attack to steal a valid user session | CWE-284: Improper access control | Citrix ADC, Citrix Gateway | Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP |
Citrix strongly recommends that affected customers install relevant firmware upgrades as soon as possible.
Please see this link for the official advisory from Citrix:
https://support.citrix.com/article/CTX297155