Three security bugs in the Citrix software-defined (SD)-WAN platform would allow remote code-execution and network takeover, according to researchers. The flaws affect the Citrix SD-WAN Center (in versions before 11.2.2, 11.1.2b and 10.2.8). They consist of an unauthenticated path traversal and shell injection problem in stop_ping (CVE-2020–8271); a ConfigEditor authentication bypass (CVE-2020–8272); and a CreateAzureDeployment shell injection issue (CVE-2020–8273). Severity scores have not yet been issued. In the first two cases, an attacker must be able to communicate with SD-WAN Center’s Management IP address or fully qualified domain name (FQDN), according to Citrix’s advisory, issued last week. For the third, an attacker would need to be authenticated. The first vulnerability allows unauthenticated RCE with root privileges in Citrix SD-WAN Center, according to Citrix. A writeup from Realmode Labs on Monday went into more detail on where it exists. For CVE-2020–8271, “the /collector/diagnostics/stop_ping endpoint reads the file /tmp/pid_,” according to Realmode researcher Ariel Tempelhof. “$req_id and uses its contents in a shell_exec call. No sanitization is performed on the user supplied $req_id which allows path traversal. One can drop a file with user-controlled content anywhere (for example, using /collector/licensing/upload) and run an arbitrary shell command.” The second bug has to do with how CakePHP translates the URI to endpoint function parameters. It can…
0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2020-11-16 15:20:002020-11-16 15:20:00Citrix SD-WAN Bugs Allow Remote Code Execution
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org