Citrix recently issued a patch for three critical vulnerabilities in its SD-WAN Center software that allow for unauthenticated Remote Code Execution (RCE) with root privileges. The first vuln patched, CVE-2020-8271, is identified as a “Path Traversal” vulnerability, and the only precondition required to trigger it is that the attacker can communicate with SD-WAN Center’s Management IP. The next vuln patched, CVE-2020-8272, allows attackers to bypass SD-WAN authentication, leading to an exposure of SD-WAN functionality. The third and final vulnerability patched, CVE-2020-8273, allows an authenticated user to escalate privileges to root.
While Citrix has stated that the mitigating factor for these vulns is that these systems are generally protected and most people can’t reach the IP of the SD-WAN Center, a quick search of shodan.io shows that there are definitely some SD-WAN Center management servers connected to the Internet. Because of this, Binary Defense urges all Citrix SD-WAN users to update to the following versions:
• Citrix SD-WAN 11.2.2 and later versions of Citrix SD-WAN 11.2
• Citrix SD-WAN 11.1.2b and later versions of Citrix SD-WAN 11.1
• Citrix SD-WAN 10.2.8 and later versions of Citrix SD-WAN 10.2
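
To check an inventory against the fixed versions listed above, the following is an added example, not code from Citrix or Binary Defense. It assumes version strings are written as on this page (`major.minor.patch` with an optional letter suffix); the host names and inventory are constructed sample data.

```python
import re

# Minimum fixed release per branch, taken from the list above.
FIXED = {(11, 2): "11.2.2", (11, 1): "11.1.2b", (10, 2): "10.2.8"}

# Assumed format: major.minor.patch plus an optional letter, e.g. "11.1.2b".
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)$")


def parse(version):
    """Split a version string into (major, minor, patch, suffix)."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, suffix = m.groups()
    return int(major), int(minor), int(patch), suffix


def status(version):
    """Return 'fixed', 'vulnerable', or 'unlisted' for one version string."""
    major, minor, patch, suffix = parse(version)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        # Branch is not in the list above, so the list cannot decide it.
        return "unlisted"
    _, _, fixed_patch, fixed_suffix = parse(fixed)
    # Compare patch numerically, then the letter: "" sorts before "a" < "b",
    # so 11.1.2 < 11.1.2b < 11.1.3, and 10.2.10 > 10.2.8.
    if (patch, suffix) >= (fixed_patch, fixed_suffix):
        return "fixed"
    return "vulnerable"


def audit(inventory):
    """Map each host in {host: version} to its status."""
    return {host: status(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical host names).
INVENTORY = {
    "sdwc-lab-01": "11.2.1",
    "sdwc-lab-02": "11.1.2",
    "sdwc-lab-03": "11.1.2b",
    "sdwc-lab-04": "10.2.10",
    "sdwc-lab-05": "11.0.3",
}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}\t{INVENTORY[host]}\t{result}")
```

Hosts reported as `unlisted` run a branch that the list above does not cover and need to be checked against the vendor's guidance separately.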