Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker.
The Citrix products (formerly known as NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at least 80,000 companies in 158 countries, according to a December assessment from Positive Technologies.
Other flaws announced Tuesday also affect Citrix SD-WAN WANOP appliances, models 4000-WO, 4100-WO, 5000-WO and 5100-WO.
Attacks on the management interface of the products could result in system compromise by an unauthenticated user on the management network; or system compromise through cross-site scripting (XSS). Attackers could also create a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, could result in the compromise of a local computer.
“Customers who have configured their systems in accordance with Citrix recommendations [i.e., to have this interface separated from the network and protected by a firewall] have significantly reduced their risk from attacks to the management interface,” according to the vendor.
Threat actors could also mount attacks on Virtual IPs (VIPs). VIPs, among other things, are used to provide users with a unique IP address for communicating with network resources for applications that do not allow multiple connections or users from the same IP address.
The VIP attacks include denial of service against either the Gateway or Authentication virtual servers by an unauthenticated user; or remote port scanning of the internal network by an authenticated Citrix Gateway user.
“Attackers can only discern whether a TLS connection is possible with the port and cannot communicate further with the end devices,” according to the critical Citrix advisory. “Customers who have not enabled either the Gateway or Authentication virtual servers are not at risk from attacks that are applicable to those servers. Other virtual servers e.g. load balancing and content switching virtual servers are not affected by these issues.”
A final vulnerability has been found in Citrix Gateway Plug-in for Linux that would allow a local logged-on user of a Linux system with that plug-in installed to elevate their privileges to an administrator account on that computer, the company said.
#vulnerabilities #adc #citrix #code injection #critical advisory #cve-2020-8187 #cve-2020-8190 #cve-2020-8191 #cve-2020-8193 #cve-2020-8194 #cve-2020-8195 #cve-2020-8196 #cve-2020-8197 #cve-2020-8198 #cve-2020-8199 #denial of service #gateway #information disclosure #patches #security advisory #security bugs
Does your business need an interactive website or app?
The technology used to develop the overall app by the developers from WebClues Infotech is at par with the latest available technology.
For more inquiry click here https://bit.ly/31eZyDZ
Book Free Interview: https://bit.ly/3dDShFg
The DHTMLX diagram library allows creating easily configurable graphs for visualization of hierarchical data. Besides org charts, you can create almost any type of hierarchical diagrams. You can choose from organizational charts, flowcharts, block and network diagrams, decision trees, mind maps, UML Class diagrams, mixed diagrams, and any other types of diagrams. This variety of diagrams can be generated using a built-in set of shapes or with the help of custom shapes.
You can set up any diagram shape you need with text, icons, images, and any other custom content via templates in a few lines of code. All these parameters can be later changed from the UI via the sidebar options in the editor.
The edit mode gives an opportunity to make changes on-the-fly without messing with the source code. An interactive interface of the editor supports drag-and-drop and permits you to change each item of your diagram. You can drag diagram items with your mouse and set the size and position property of an item via the editor. The multiselection feature can help to speed up your work in the editor, as it enables you to manipulate several shapes.
The library has an exporting feature. You can export your diagram to a PDF, PNG, or JSON format. Zooming and scrolling options will be useful in case you work with diagrams containing a big number of items. There is also a search feature that helps you to quickly find the necessary shape and make your work with complex diagrams even more convenient by expanding and collapsing shapes when necessary. To show the structure of an organization compactly, you can use the vertical mode.
The documentation page will appeal both to beginners and experienced developers. A well-written beginner’s guide contains the source code with explanations. A bunch of guides will help with further configuration, so you’ll be able to create a diagram that better suits your needs. At the moment, there are three types of licenses available. The commercial license for the team of five or fewer developers costs $599, the enterprise license goes for $1299 per company, and the ultimate license has a price tag of $2899.