Citrix has released patches for multiple new security vulnerabilities affecting Citrix Endpoint Management (CEM), also known as XenMobile, a product built to help companies manage and secure their employees' mobile devices remotely.
Citrix Endpoint Management offers enterprises mobile device management (MDM) and mobile application management (MAM) capabilities. It lets companies control which apps their employees can install while ensuring that updates and security settings are applied to keep business information protected.
According to Citrix, a total of 5 vulnerabilities affect on-premises instances of XenMobile servers, which enterprises use to manage all apps, devices, or platforms from one central location.
“Remediations have already been applied to cloud versions, but hybrid rights customers need to apply the upgrades to any on-premises instance,” the company said in a post today.
If left unpatched and exploited successfully, the newly discovered vulnerabilities could collectively allow unauthenticated attackers to gain administrative privileges on affected XenMobile Servers.
“We recommend these updates be made right away. Even though there are no known exploits as of this writing, we do anticipate malicious actors will move quickly to exploit,” the company warned.
The two vulnerabilities, tracked as CVE-2020-8208 and CVE-2020-8209 and rated critical, affect the following XenMobile Server versions:
- XenMobile Server 10.12 before RP2
- XenMobile Server 10.11 before RP4
- XenMobile Server 10.10 before RP6
- XenMobile Server before 10.9 RP5
The other three vulnerabilities, tracked as CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212 and rated medium/low in severity, reside in the following versions:
- XenMobile Server 10.12 before RP3
- XenMobile Server 10.11 before RP6
- XenMobile Server 10.10 before RP6
- XenMobile Server before 10.9 RP5
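The two lists above can be turned into an inventory check. The following is an added example, not code from Citrix or from the original article; the version-string format ("10.11 RP4"), the function names, and the choice to report branches newer than 10.12 as not affected (because the lists do not cover them) are assumptions.

```python
import re

# First rolling patch (RP) that fixes each group on each branch, copied from the lists above.
CRITICAL_FIXED_RP = {(10, 12): 2, (10, 11): 4, (10, 10): 6, (10, 9): 5}    # CVE-2020-8208, -8209
MEDIUM_LOW_FIXED_RP = {(10, 12): 3, (10, 11): 6, (10, 10): 6, (10, 9): 5}  # CVE-2020-8210, -8211, -8212
OLDEST_LISTED_BRANCH = (10, 9)

# Assumed inventory format: "10.11 RP4", "10.12.0 rp2", or "10.8" (no rolling patch installed).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.\d+)*(?:\s+RP\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor), rolling_patch); a missing RP suffix counts as RP 0."""
    m = _VERSION_RE.match(text)
    if m is None:
        raise ValueError(f"unrecognised XenMobile version string: {text!r}")
    major, minor, rp = m.groups()
    return (int(major), int(minor)), int(rp or 0)


def _affected(branch, rp, fixed_rp):
    if branch < OLDEST_LISTED_BRANCH:
        # "before 10.9 RP5" covers every older branch, whatever its patch level.
        return True
    if branch not in fixed_rp:
        # Assumption: branches newer than 10.12 are outside the lists, so not flagged.
        return False
    return rp < fixed_rp[branch]


def assess(text):
    """Report which vulnerability groups from the article apply to one server version."""
    branch, rp = parse_version(text)
    return {
        "critical": _affected(branch, rp, CRITICAL_FIXED_RP),
        "medium_low": _affected(branch, rp, MEDIUM_LOW_FIXED_RP),
    }


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for version in ["10.12 RP2", "10.11 RP3", "10.10 RP6", "10.8", "10.12 RP3"]:
        print(version, assess(version))
```

A server on 10.12 RP2 is clear of the two critical CVEs but still needs RP3 for the medium/low group, which is why the two lists are checked separately.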
One of the critical flaws (CVE-2020-8209), discovered by Andrey Medov of Positive Technologies, could allow an unauthenticated attacker to read arbitrary files outside the web-server root directory, including configuration files and encryption keys for sensitive data.
“Exploitation of this vulnerability allows hackers to obtain information that can be useful for breaching the perimeter, as the configuration file often stores domain account credentials for LDAP access,” Medov explained.
Thus, with access to the domain account, the remote attacker can target other external company resources, such as corporate mail, VPN, and web applications.
What's worse, according to the researcher, is that an attacker who has managed to read the configuration file can access sensitive data, such as the database password (local PostgreSQL by default and a remote SQL Server database in some cases).
However, since the database is stored inside the corporate perimeter and cannot be accessed from the outside, Medov said, “this attack vector can only be used in complex attacks, for example, with the involvement of an insider accomplice.”
“The latest rolling patches that need to be applied for versions 10.9, 10.10, 10.11, and 10.12 are available immediately,” Citrix notes in a blog post.
“Any versions prior to 10.9.x must be upgraded to a supported version with the latest rolling patch. We recommend that you upgrade to 10.12 RP3, the latest supported version.”
Since Citrix products have recently emerged as one of the favorite targets for hackers after in-the-wild exploitation of Citrix ADC, Gateway and Sharefile vulnerabilities, users are highly recommended to patch their systems to the latest versions of the software.
Of note, the company has not yet revealed technical details of the vulnerabilities but pre-notified several major CERTs around the world and its customers on July 23.