{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2021-027.pdf"
    },
    "title": "Multiple Vulnerabilities in Citrix",
    "serial_number": "2021-027",
    "publish_date": "10-06-2021 18:28:00",
    "description": "On the 8th of June, Citrix released a Security Update about CVE-2020-8299 (medium severity) and CVE-2020-8300 (high severity) vulnerabilities. The medium severity vulnerability is a network-based denial-of-service. The high severity vulnerability is a SAML authentication hijacking caused by an improper access control.",
    "url_title": "2021-027",
    "content_markdown": "---\ntitle: 'Multiple Vulnerabilities in\u00a0Citrix'\nversion: '1.0'\nnumber: '2021-027'\ndate: 'June 10, 2021'\n---\n\n_History:_\n\n* _10/06/2021 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn the 8th of June, Citrix released a Security Update about CVE-2020-8299 (medium severity) and CVE-2020-8300 (high severity) vulnerabilities [1]. The medium severity vulnerability is a network-based denial-of-service. The high severity vulnerability is a SAML authentication hijacking caused by an improper access control [2].\n\n# Technical Details\n\nCVE-2020-8299 is a network-based denial-of-service vulnerability. The attacker must be in the same Layer 2 network segment as the vulnerable appliance and the affected products are Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP.\n\nCVE-2020-8300 is a SAML authentication hijack vulnerability caused by an improper access control. By using a phishing attack, the exploitation of this vulnerability may allow an attacker to steal a valid user session. The affected products are Citrix ADC or Citrix Gateway which must be configured as a SAML SP or a SAML IdP.\n\nThere are no additional technical details shared by Citrix.\n\n# Products Affected\n\nCVE-2020-8299 affects the following supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP:\n\n- Citrix ADC and Citrix Gateway 13.0 before 13.0-76.29\n- Citrix ADC and Citrix Gateway 12.1 before 12.1-61.18\n- Citrix ADC and NetScaler Gateway 11.1 before 65.20\n- Citrix ADC 12.1-FIPS before 12.1-55.238\n- Citrix SD-WAN WANOP 11.4 before 11.4.0\n- Citrix SD-WAN WANOP 11.3 before 11.3.2\n- Citrix SD-WAN WANOP 11.3 before 11.3.1a\n- Citrix SD-WAN WANOP 11.2 before 11.2.3a\n- Citrix SD-WAN WANOP 11.1 before 11.1.2c\n- Citrix SD-WAN WANOP 10.2 before 10.2.9a\n\n\nCVE-2020-8300 applies to the following supported versions of Citrix ADC and Citrix Gateway:\n\n- Citrix ADC and Citrix Gateway 13.0 
before 13.0-82.41\n- Citrix ADC and Citrix Gateway 12.1 before 12.1-62.23\n- Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.20\n- Citrix ADC 12.1-FIPS before 12.1-55.238\n\n\nThese issues have already been addressed in Citrix-managed cloud services such as Citrix Gateway Service and Citrix Secure Workspace Access. Customers using Citrix-managed services do not need to take any additional action.\n\n# Recommendations\n\nCitrix recommends that affected customers install the relevant updates as soon as possible.\n\nFor CVE-2020-8300, when the Citrix ADC and/or Citrix Cloud Gateway are used as a SAML SP, SAML IdP, or both, upgrade to at least the following versions:\n\n- Citrix ADC and Citrix Gateway 13.0-82.41\n- Citrix ADC and NetScaler Gateway ADC 12.1-62.23\n- Citrix ADC and NetScaler Gateway 11.1-65.20\n- Citrix ADC 12.1-FIPS 12.1-55.238\n\nFor CVE-2020-8299, the Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP should be upgraded to at least the following versions:  \n\n- Citrix ADC and Citrix Gateway 13.0-76.29\n- Citrix ADC and Citrix Gateway 12.1-61.18\n- Citrix ADC and NetScaler Gateway 11.1-65.20\n- Citrix ADC 12.1-FIPS 12.1-55.238\n- Citrix SD-WAN WANOP 11.4.0\n- Citrix SD-WAN WANOP 11.3.2\n- Citrix SD-WAN WANOP 11.3.1a\n- Citrix SD-WAN WANOP 11.2.3a\n- Citrix SD-WAN WANOP 11.1.2c\n- Citrix SD-WAN WANOP 10.2.9a\n\n# References\n\n[1] <https://support.citrix.com/article/CTX297155>\n\n[2] <https://dirteam.com/sander/2021/06/08/saml-authentication-hijack-vulnerability-on-citrix-adc-and-citrix-gateway-appliances-cve-2020-8300/>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>10/06/2021 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On the 8th of June, Citrix released a Security Update about CVE-2020-8299 (medium severity) and CVE-2020-8300 (high severity) vulnerabilities [1]. The medium severity vulnerability is a network-based denial-of-service. The high severity vulnerability is a SAML authentication hijacking caused by an improper access control [2].</p><h2 id=\"technical-details\">Technical Details</h2><p>CVE-2020-8299 is a network-based denial-of-service vulnerability. The attacker must be in the same Layer 2 network segment as the vulnerable appliance and the affected products are Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP.</p><p>CVE-2020-8300 is a SAML authentication hijack vulnerability caused by an improper access control. By using a phishing attack, the exploitation of this vulnerability may allow an attacker to steal a valid user session. The affected products are Citrix ADC or Citrix Gateway which must be configured as a SAML SP or a SAML IdP.</p><p>There are no additional technical details shared by Citrix.</p><h2 id=\"products-affected\">Products Affected</h2><p>CVE-2020-8299 affects the following supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP:</p><ul><li>Citrix ADC and Citrix Gateway 13.0 before 13.0-76.29</li><li>Citrix ADC and Citrix Gateway 12.1 before 12.1-61.18</li><li>Citrix ADC and NetScaler Gateway 11.1 before 65.20</li><li>Citrix ADC 12.1-FIPS before 12.1-55.238</li><li>Citrix SD-WAN WANOP 11.4 before 11.4.0</li><li>Citrix SD-WAN WANOP 11.3 before 11.3.2</li><li>Citrix SD-WAN WANOP 11.3 before 11.3.1a</li><li>Citrix SD-WAN WANOP 11.2 before 11.2.3a</li><li>Citrix SD-WAN WANOP 11.1 before 11.1.2c</li><li>Citrix SD-WAN WANOP 10.2 before 10.2.9a</li></ul><p>CVE-2020-8300 applies to the following supported versions of Citrix ADC and Citrix Gateway:</p><ul><li>Citrix ADC and Citrix Gateway 
13.0 before 13.0-82.41</li><li>Citrix ADC and Citrix Gateway 12.1 before 12.1-62.23</li><li>Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.20</li><li>Citrix ADC 12.1-FIPS before 12.1-55.238</li></ul><p>These issues have already been addressed in Citrix-managed cloud services such as Citrix Gateway Service and Citrix Secure Workspace Access. Customers using Citrix-managed services do not need to take any additional action.</p><h2 id=\"recommendations\">Recommendations</h2><p>Citrix recommends that affected customers install the relevant updates as soon as possible.</p><p>For CVE-2020-8300, when the Citrix ADC and/or Citrix Cloud Gateway are used as a SAML SP, SAML IdP, or both, upgrade to at least the following versions:</p><ul><li>Citrix ADC and Citrix Gateway 13.0-82.41</li><li>Citrix ADC and NetScaler Gateway ADC 12.1-62.23</li><li>Citrix ADC and NetScaler Gateway 11.1-65.20</li><li>Citrix ADC 12.1-FIPS 12.1-55.238</li></ul><p>For CVE-2020-8299, the Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP should be upgraded to at least the following versions: </p><ul><li>Citrix ADC and Citrix Gateway 13.0-76.29</li><li>Citrix ADC and Citrix Gateway 12.1-61.18</li><li>Citrix ADC and NetScaler Gateway 11.1-65.20</li><li>Citrix ADC 12.1-FIPS 12.1-55.238</li><li>Citrix SD-WAN WANOP 11.4.0</li><li>Citrix SD-WAN WANOP 11.3.2</li><li>Citrix SD-WAN WANOP 11.3.1a</li><li>Citrix SD-WAN WANOP 11.2.3a</li><li>Citrix SD-WAN WANOP 11.1.2c</li><li>Citrix SD-WAN WANOP 10.2.9a</li></ul><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://support.citrix.com/article/CTX297155\">https://support.citrix.com/article/CTX297155</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" 
href=\"https://dirteam.com/sander/2021/06/08/saml-authentication-hijack-vulnerability-on-citrix-adc-and-citrix-gateway-appliances-cve-2020-8300/\">https://dirteam.com/sander/2021/06/08/saml-authentication-hijack-vulnerability-on-citrix-adc-and-citrix-gateway-appliances-cve-2020-8300/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}