vulnerabilities affecting its Citrix Endpoint Management
(CEM), also known as XenMobile, a product made for enterprises
to help companies manage and secure their employees’ mobile devices
remotely.
Citrix Endpoint Management offers businesses mobile device
management (MDM) and mobile application management (MAM)
capabilities. It allows companies to control which apps their
employees can install while ensuring updates and security settings
are applied to keep business information protected.
According to Citrix, there are a total of 5 vulnerabilities[1]
that affect on-premise instances of XenMobile servers used in
enterprises to manage all apps, devices, or platforms from one
central location.
hybrid rights users need to apply the upgrades to any on-premises
instance,” the company said[2] in a post today.
If left unpatched and exploited successfully, the newly
identified security vulnerabilities could collectively allow
unauthenticated attackers to gain administrative privileges on
affected XenMobile Servers.
“We recommend these upgrades be made immediately. While there are
no known exploits as of this writing, we do anticipate malicious
actors will move quickly to exploit,” the company warned.
and rated as critical—impact the following XenMobile Server versions:
- XenMobile Server 10.12 before RP2
- XenMobile Server 10.11 before RP4
- XenMobile Server 10.10 before RP6
- XenMobile Server before 10.9 RP5
Meanwhile, the other three security vulnerabilities—tracked as
CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212 and rated
medium/low in severity—reside in the following versions:
- XenMobile Server 10.12 before RP3
- XenMobile Server 10.11 before RP6
- XenMobile Server 10.10 before RP6
- XenMobile Server before 10.9 RP5
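The two version lists above, written as a patch-level check over a server inventory. This is an added example, not code from the article or from Citrix; the inventory string format, the tier names and the hostnames are assumptions made for illustration.

```python
import re

# Rolling patch (RP) that fixes each tier, per branch, copied from the two lists above.
# Tier names are labels chosen for this example.
FIXED_IN = {
    "critical":   {(10, 12): 2, (10, 11): 4, (10, 10): 6, (10, 9): 5},
    "medium_low": {(10, 12): 3, (10, 11): 6, (10, 10): 6, (10, 9): 5},
}
OLDEST = (10, 9)    # "before 10.9 RP5" also covers every older branch
NEWEST = (10, 12)   # newest branch the lists mention

# Assumed inventory format: "<major>.<minor>" with an optional " RP<n>" suffix.
_VERSION = re.compile(r"^\s*(\d+)\.(\d+)(?:\s+RP\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor), rp); a version with no RP suffix counts as RP0."""
    m = _VERSION.match(text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2))), int(m.group(3) or 0)


def missing_fixes(text):
    """List the tiers whose fix is absent, or None if the branch is newer than the lists cover."""
    branch, rp = parse_version(text)
    if branch > NEWEST:
        return None
    if branch < OLDEST:
        return list(FIXED_IN)          # older than 10.9: below every listed fix
    return [tier for tier, fixed in FIXED_IN.items() if rp < fixed[branch]]


def audit(inventory):
    """Return {host: missing tiers} for hosts that need patching or manual review."""
    report = {}
    for host, version in inventory.items():
        missing = missing_fixes(version)
        if missing is None:
            report[host] = ["review: branch not covered by the lists"]
        elif missing:
            report[host] = missing
    return report


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE = {"xms-01": "10.12 RP2", "xms-02": "10.11 RP3", "xms-03": "10.10 RP6", "xms-04": "10.8 RP7"}

if __name__ == "__main__":
    for host, missing in audit(SAMPLE).items():
        print(host, "->", ", ".join(missing))
```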
One of the critical flaws (CVE-2020-8209[3]), discovered by Andrey
Medov of Positive Technologies, could allow an unauthenticated
attacker to read arbitrary files outside the web-server root
directory, including configuration files and encryption keys for
sensitive data.
“Exploitation of this vulnerability allows hackers to obtain
information that can be useful for breaching the perimeter, as the
configuration file often stores domain account credentials for LDAP
access,” Medov explained.
can target other external company resources, such as corporate
mail, VPN, and web applications.
What’s worse, according to the researcher, is that an attacker who
has managed to read the configuration file can access sensitive
data, such as the database password (local PostgreSQL by default and a
remote SQL Server database in some cases).
However, since the database is stored inside the corporate
perimeter and cannot be accessed from the outside, Medov said,
“this attack vector can only be used in complex attacks, for
example, with the involvement of an insider accomplice.”
“The latest rolling patches that need to be applied for versions
10.9, 10.10, 10.11, and 10.12 are available immediately,” Citrix
notes in a blog post.
version with the latest rolling patch. We recommend that you
upgrade to 10.12 RP3, the latest supported version.”
Since Citrix products have recently emerged as one of the
favorite targets for hackers after in-the-wild exploitation of Citrix ADC,
Gateway[4] and Sharefile vulnerabilities[5], users are strongly
advised to patch their systems to the latest versions of the
software.
It is worth noting that the company has not yet revealed technical details
of the vulnerabilities but has already pre-notified several major
CERTs around the world and its customers on July 23.
References
- [1] 5 vulnerabilities (support.citrix.com)
- [2] company said (www.citrix.com)
- [3] CVE-2020-8209 (www.ptsecurity.com)
- [4] Citrix ADC, Gateway (thehackernews.com)
- [5] Sharefile vulnerabilities (thehackernews.com)