CVE-2017-14602 - Authentication Bypass Vulnerability in the Management Interface of Citrix NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition Appliances

Related Vulnerabilities: CVE-2017-14602  

Description of Problem

A vulnerability has been identified in the management interface of the Citrix NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition appliances. This vulnerability, if exploited, could allow an attacker with access to the management interface of the appliance’s NetScaler ADC instance to gain administrative access to the instance.

This vulnerability has been assigned the following CVE number:

  • CVE-2017-14602: Authentication Bypass Vulnerability in Citrix NetScaler ADC and NetScaler Gateway Management Interface

This vulnerability affects the following combinations of Citrix NetScaler SD-WAN/CloudBridge hardware and software:

  • Citrix NetScaler SD-WAN 4000, 4100, 5000 and 5100 WAN Optimization Edition appliances, when running software version 9.0.x or 9.1.x (all releases), 9.2 earlier than 9.2.1.1002, or 9.3 earlier than 9.3.0.1000.
  • Citrix NetScaler SD-WAN/CloudBridge 4000 and 5000 WAN Optimization Edition appliances, when running software version 7 earlier than 7.4.6.1002.

Mitigating Factors

To exploit this vulnerability, an attacker would require network access to the management interface of the appliance's NetScaler ADC instance. Where customers have deployed their appliances in line with industry best practice, network access to this interface should already be restricted to trusted administrative networks, which limits exposure but does not remove the need to upgrade.


What Customers Should Do

This vulnerability has been addressed in the following software versions:

  • Citrix NetScaler SD-WAN WAN Optimization Edition software 9.3.0.1000
  • Citrix NetScaler SD-WAN WAN Optimization Edition software 9.2.1.1002
  • Citrix CloudBridge WAN Optimization Edition software 7.4.6.1002

Citrix strongly recommends that customers using vulnerable combinations of hardware and software upgrade their appliances to a version of the software that contains a fix for this issue as soon as possible. No fixed build is listed for the 9.0.x and 9.1.x releases, so customers on those versions should upgrade to 9.2.1.1002 or later, or to 9.3.0.1000 or later.

These versions are available on the Citrix website at the following address:

https://www.citrix.com/downloads/netscaler-sd-wan/

In line with general best practice, Citrix also recommends that customers limit access to the management interfaces of the NetScaler SD-WAN appliances, including the management interface (NSIP) of the embedded NetScaler ADC instance, to trusted network traffic only.
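As an added example of that recommendation (this is not configuration from the Citrix advisory, and it assumes the ADC instance's NSIP is 192.0.2.10, its HA peer's NSIP is 192.0.2.11, and administrators connect from the 10.10.0.0/24 jump-host subnet; all three are placeholders), the following NetScaler CLI commands restrict the ADC management interface to SSH and HTTPS from the admin subnet plus the HA peer, and drop everything else sent to the NSIP:

```nscli
# Placeholder addresses (not from the advisory; replace with your own):
#   NSIP of this ADC instance : 192.0.2.10
#   NSIP of the HA peer       : 192.0.2.11
#   Admin jump-host subnet    : 10.10.0.0/24
# ACLs are evaluated in ascending -priority order; the first match wins.

# 1. Serve the GUI and NITRO API over HTTPS only; disable cleartext HTTP,
#    telnet and FTP on the management IP.
set ns ip 192.0.2.10 -gui SECUREONLY -telnet DISABLED -ftp DISABLED

# 2. Permit SSH and HTTPS to the NSIP from the admin subnet only.
add ns acl mgmt_allow_ssh   ALLOW -srcIP = 10.10.0.0-10.10.0.255 -destIP = 192.0.2.10 -protocol TCP -destPort = 22  -priority 10
add ns acl mgmt_allow_https ALLOW -srcIP = 10.10.0.0-10.10.0.255 -destIP = 192.0.2.10 -protocol TCP -destPort = 443 -priority 11

# 3. Keep the HA peer reachable: heartbeat and configuration sync run
#    between the two NSIPs, so a blanket deny would break the HA pair.
add ns acl mgmt_allow_ha_peer ALLOW -srcIP = 192.0.2.11 -destIP = 192.0.2.10 -priority 20

# 4. Allow replies to TCP sessions the NSIP itself opened (e.g. LDAP or
#    syslog sourced from the NSIP). -established matches only packets
#    with ACK or RST set, so it does not admit new inbound connections.
add ns acl mgmt_allow_established ALLOW -destIP = 192.0.2.10 -protocol TCP -established -priority 30

# 5. Deny all remaining traffic addressed to the NSIP.
add ns acl mgmt_deny_rest DENY -destIP = 192.0.2.10 -priority 100

# 6. ACL entries have no effect until applied; then persist the change.
apply ns acls
save ns config
```

Two caveats before running this against a live appliance. First, add the ALLOW entries from the network you are currently connected from before the final DENY, or the `apply ns acls` step locks you out of your own session. Second, the DENY also drops UDP replies to traffic the NSIP originates (DNS, NTP, RADIUS, syslog over UDP); either add ALLOW entries for those servers or source that traffic from a SNIP instead. Verify the result with `show ns acl` on the appliance and, from a host outside the admin subnet, confirm that a TCP connection to the NSIP on 22 and 443 times out rather than completing.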


Acknowledgements

Citrix thanks Frank Gifford of NCC Group (https://nccgroup.trust) for working with us to protect Citrix customers.


What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/.


Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.html


Reporting Security Vulnerabilities

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix


Changelog

Date                 Change
26th September 2017  Initial publishing
27th September 2017  Update to What Customers Should Do section
15th August 2019     Updated Title