Multiple vulnerabilities in the Citrix product portfolio were patched, including a high-severity bug in SD-WAN.
CVE-2022-27505 in SD-WAN
The latter has been tracked as CVE-2022-27505, and is a reflected cross-site scripting (XSS) issue which is a result of improper input during web page generation. Citrix says that both standard and premium versions of SD-WAN before version 11.4.3a are affected.
According to the company, its “SD-WAN technology can bond links of multiple types within a network overlay, allowing for the utilization of high-bandwidth broadband internet in addition to or as a replacement for thinner MPLS connectivity.”
The other vulnerability Citrix fixed with its last security update is CVE-2022-27506. This vulnerability is low in terms of severity. It could enable administrators to use hardcoded credentials to access the shell via the SD-WAN CLI.
According to the official company advisory, the following supported versions of Citrix SD-WAN are affected by both issues:
- CVE-2022-27505 affects Citrix SD-WAN Standard/Premium Edition Appliance before 11.4.3a;
- CVE-2022-27506 affects Citrix SD-WAN Center Management Console versions before 11.4.3; Citrix SD-WAN Standard/Premium Edition Appliance versions before 11.4.1; Citrix SD-WAN Orchestrator for On-Premises versions before 13.2.1.
Other Citrix Flaws Also Fixed
Other vulnerabilities Citrix addressed include CVE-2022-27503, another XSS flaw in StoreFront; CVE-2022-21827 in the Gateway Plug-in for Windows (Citrix Secure Access for Windows). The latter could allow the arbitrary corruption or deletion of files.
Three other patches were introduced for Endpoint Management (XenMobile Server for the corresponding issuesCVE-2021-44519, CVE-2021-44520, and CVE-2022-26151. These could lead to unauthorized access to the underlying operating system.
Users are advised to upgrade to a patched version of each affected Citrix product.
Last May, vulnerabilities in the Citrix ShareFile content collaboration platform were discovered. Identified as CVE-2020-7473, CVE-2020-8982, and CVE-2020-8983, the vulnerabilities could have allowed an unauthenticated attacker to compromise the storage zones controller, enabling the attacker to access ShareFile users’ documents and folders.