Risk Advisory: Code Execution Vulnerability in Citrix Products

Published: 2020-01-09

Vulnerability ID and Severity


CVE ID: CVE-2019-19781, Severity: Critical, CVSS score: 9.8


Affected Versions


Citrix ADC and Citrix Gateway version 13.0 all supported builds

Citrix ADC and NetScaler Gateway version 12.1 all supported builds

Citrix ADC and NetScaler Gateway version 12.0 all supported builds

Citrix ADC and NetScaler Gateway version 11.1 all supported builds

Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds


Vulnerability Overview


Citrix ADC and NetScaler Gateway are products of Citrix Systems, a US company. Citrix ADC and NetScaler Gateway is an application delivery controller. The product provides application delivery control, load balancing, and related functions.


Security experts discovered a critical code execution vulnerability in the Citrix Application Delivery Controller and Citrix Gateway products, which puts more than 80,000 companies in 158 countries at risk. The vulnerability is especially dangerous because an attacker exploiting it can access a company's internal network without authentication. Successful exploitation can lead to arbitrary code execution.


Vulnerability Verification


PoC: A partial PoC has been made public. On affected versions, directory traversal can be performed through an unauthenticated GET request.


GET /vpn/../vpns/services.html


GET /vpn/../vpns/cfg/smb.conf


If the response is HTTP/1.1 403 Forbidden, the issue has been fixed.


As for how this leads to remote code execution, only partial details have been published, and no public, usable PoC has been found so far.
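
As an added example (not part of the original advisory), the following Python script searches web access logs for the traversal requests shown above, including percent-encoded variants, and separates those answered with 403 from the rest. The Apache-style log format, the sample lines, and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache combined-log style (assumed format,
# not taken from a real appliance); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2020:03:14:07 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 200 1024
203.0.113.7 - - [10/Jan/2020:03:14:09 +0000] "GET /vpn/%2e%2e/vpns/services.html HTTP/1.1" 403 199
198.51.100.23 - - [10/Jan/2020:03:15:41 +0000] "GET /vpn/index.html HTTP/1.1" 200 5120
192.0.2.44 - - [10/Jan/2020:04:02:13 +0000] "GET /vpn/../vpns/services.html HTTP/1.1" 403 199
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)
TRAVERSAL = "/vpn/../vpns/"  # path prefix used by both requests in the advisory


def decode_path(path, max_rounds=3):
    """Undo up to max_rounds layers of percent-encoding (%2e%2e -> ..)."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def find_traversal_requests(log_text):
    """Return one record per request whose decoded path contains the traversal prefix."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or TRAVERSAL not in decode_path(m["path"]).lower():
            continue
        status = int(m["status"])
        # Per the advisory, a 403 response means the issue has been fixed.
        verdict = "blocked" if status == 403 else "not-blocked"
        hits.append({"src": m["src"], "ts": m["ts"], "path": m["path"],
                     "status": status, "verdict": verdict})
    return hits


def sources_needing_review(hits):
    """Source addresses that received something other than 403."""
    return sorted({h["src"] for h in hits if h["verdict"] != "blocked"})


if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit["ts"], hit["src"], hit["status"], hit["verdict"], hit["path"])
```

Any source returned by `sources_needing_review` received a non-403 answer to a traversal request and is the first place to look when deciding whether the mitigation was in effect at that time.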


Remediation Recommendations


Although Citrix has not yet released new firmware to address the issue, the company has published a set of mitigation measures for standalone systems and clusters, and strongly recommends that affected customers apply them: https://support.citrix.com/article/CTX267679


Reference Links


https://www.bleepingcomputer.com/news/security/critical-citrix-flaw-may-expose-thousands-of-firms-to-attacks/