===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.0761
    Citrix Application Delivery Management (ADM) Agent Security Update
                               12 March 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Citrix Application Delivery Management (ADM) Agent
Publisher:         Citrix
Operating System:  Virtualisation
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-9548

Original Bulletin:
   https://support.citrix.com/article/CTX247738

--------------------------BEGIN INCLUDED TEXT--------------------

Citrix Application Delivery Management (ADM) Agent Security Update

Reference: CTX247738
Category : Critical
Created  : 11 Mar 2019
Modified : 11 Mar 2019

Applicable Products

  o Citrix Application Delivery Management

Description of Problem

A vulnerability has been identified in Citrix Application Delivery
Management Agent that could allow an unauthenticated attacker with network
access to the management agent interface to obtain sensitive information.
Disclosed information could be used for privilege escalation beyond the
agent system.

The following deployment scenarios are affected:

 1. Citrix Application Delivery Management server on-prem with ADM Agents
 2. Citrix Application Delivery Management on Cloud with ADM Agents
    deployed on-prem or customer-managed cloud datacenters.

This vulnerability has been assigned the following CVE number:

  o CVE-2019-9548: Information Disclosure Vulnerability in Citrix
    Application Delivery Management Agent.

This vulnerability affects the following product versions:

  o Citrix Application Delivery Management Agent version 12.1 earlier than
    build 50.33
  o Citrix Application Delivery Management Agent Cloud version 13.0 earlier
    than build 33.23

Mitigating Factors

In order to exploit this vulnerability, an attacker would require network
access to the management agent interface. In situations where the agent
management interface has been limited to only trusted network traffic the
exposure of the issue is limited.

Agents deployed as a part of valid (non-expired) Citrix Cloud subscription
of Citrix ADM updated to latest agent version 13.0.-33.23 or newer are
unaffected.

What Customers Should Do

This vulnerability has been addressed in the following version of Citrix
Application Delivery Management Agent:

  o Citrix Application Delivery Management Agent version 12.1 build 50.33
    and later
  o Citrix Application Delivery Management Agent Cloud version 13.0 build
    33.23 and later

Citrix strongly recommends that customers affected by this vulnerability
upgrade to a version of the Citrix Application Delivery Management Agent
that contains a fix for this issue as soon as possible.

The latest on-prem version is available on the Citrix website at the
following address:

https://www.citrix.com/downloads/citrix-application-management/

The latest Cloud version is available in the Citrix Cloud Application
Delivery Management portal under Networks > Agents

In line with industry best practice, Citrix also recommends that customers
limit access to the management agent interface to trusted network traffic
only.

For deployments that are unable to apply the mitigating updates the
following document describes agent configuration changes that are available
to mitigate the issue until a time that the appropriate updates can be
applied:

CTX247823 - Blocking network access to Citrix Application Delivery
Management Agent

Note: Blocking these ports will prevent CPX Auto-registration.

Changelog

+----------------------------------+------------------------------------------+
|Date                              |Change                                    |
+----------------------------------+------------------------------------------+
|11th March 2019                   |Initial Publication                       |
+----------------------------------+------------------------------------------+

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
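
An added example, not part of the AusCERT bulletin or the Citrix advisory: a Python triage helper that applies the fixed builds listed above (12.1 build 50.33, 13.0 build 33.23) to an agent inventory. The version-string formats and the host names are assumptions constructed for illustration; release branches the bulletin does not mention are reported as "not-listed" rather than treated as safe.

```python
import re

# First fixed build per release branch, as stated in the bulletin.
FIXED_BUILDS = {(12, 1): (50, 33), (13, 0): (33, 23)}

# Assumed version-string shapes (constructed, not from the bulletin):
# "12.1-50.28", "12.1 build 50.33", "13.0.33.23".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\D+?(\d+)\.(\d+)")


def parse_version(text):
    """Return ((major, minor), (build_major, build_minor)) or raise ValueError."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, build_major, build_minor = map(int, match.groups())
    return (major, minor), (build_major, build_minor)


def classify(text):
    """Classify one agent version against the bulletin's fixed builds."""
    branch, build = parse_version(text)
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        # The bulletin says nothing about this branch; check with the vendor.
        return "not-listed"
    return "vulnerable" if build < fixed else "fixed"


def triage(inventory):
    """Group (host, version) pairs by status; unparsable entries are kept."""
    report = {"vulnerable": [], "fixed": [], "not-listed": [], "unparsed": []}
    for host, version in inventory:
        try:
            report[classify(version)].append(host)
        except ValueError:
            report["unparsed"].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("adm-agent-01.example.internal", "12.1-50.28"),
    ("adm-agent-02.example.internal", "12.1 build 50.33"),
    ("adm-agent-03.example.internal", "13.0.32.19"),
    ("adm-agent-04.example.internal", "13.0-36.27"),
    ("adm-agent-05.example.internal", "12.0-57.19"),
    ("adm-agent-06.example.internal", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as vulnerable are the ones to upgrade first or to isolate on the management interface until the update is applied.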