===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2020.2780
Citrix releases critical Citrix Endpoint Management Server aka XenMobile Server patches
12 August 2020
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Citrix Endpoint Management Server XenMobile
Publisher:         Citrix
Operating System:  Network Appliance Virtualisation
Impact/Access:     Reduced Security -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-8212 CVE-2020-8211 CVE-2020-8210 CVE-2020-8209 CVE-2020-8208

Original Bulletin:
   https://support.citrix.com/article/CTX277457

Comment: Citrix advises that these patches are critical, although they have
         not yet provided detail on the vulnerabilities addressed.

--------------------------BEGIN INCLUDED TEXT--------------------

Citrix Endpoint Management (CEM) Security Update

Reference: CTX277457
Category : Critical
Created  : 11 Aug 2020
Modified : 11 Aug 2020

Applicable Products

  o Citrix Endpoint Management
  o XenMobile

Description of Problem

Multiple vulnerabilities have been discovered in Citrix Endpoint Management
(CEM), also referred to as XenMobile. These vulnerabilities have the following
identifiers:

  o CVE-2020-8208
  o CVE-2020-8209
  o CVE-2020-8210
  o CVE-2020-8211
  o CVE-2020-8212

The following versions of Citrix Endpoint Management (CEM) are affected by
critical severity vulnerabilities:

  o XenMobile Server 10.12 before RP2
  o XenMobile Server 10.11 before RP4
  o XenMobile Server 10.10 before RP6
  o XenMobile Server before 10.9 RP5

Customers affected by these critical severity vulnerabilities are strongly
recommended to update their deployments immediately.
Additionally, the following versions of Citrix Endpoint Management (CEM) are
affected by medium and low severity vulnerabilities:

  o XenMobile Server 10.12 before RP3
  o XenMobile Server 10.11 before RP6
  o XenMobile Server 10.10 before RP6
  o XenMobile Server before 10.9 RP5

Customers who are only affected by these medium and low severity
vulnerabilities are recommended to update their deployments as soon as their
patching schedule allows.

Customers using the cloud version of Citrix Endpoint Management are not
affected by these vulnerabilities.

What Customers Should Do

The latest Rolling Patches for Citrix Endpoint Management (CEM) can be
downloaded from the following locations:

  o XenMobile Server 10.12 RP3: https://support.citrix.com/article/CTX277473
  o XenMobile Server 10.11 RP6: https://support.citrix.com/article/CTX277698
  o XenMobile Server 10.10 RP6: https://support.citrix.com/article/CTX279101
  o XenMobile Server 10.9 RP5: https://support.citrix.com/article/CTX279098

Customers should ensure they are running a supported version and then download
and deploy the latest rolling patch to their deployments.

Acknowledgements

Citrix would like to thank Andrey Medov of Positive Technologies
(https://www.ptsecurity.com), Glyn Wintle of Tradecraft
(https://www.wearetradecraft.com) and Kristian Bremberg of Detectify for
working with us to protect Citrix customers.

Changelog

+--------------------------+--------------------------------------------------+
|Date                      |Change                                            |
+--------------------------+--------------------------------------------------+
|2020-08-11                |Initial publication                               |
+--------------------------+--------------------------------------------------+

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT.
The mailing list you are subscribed to is maintained within your
organisation, so if you do not wish to continue receiving these bulletins you
should contact your local IT manager. If you do not know who that is, please
send an email to auscert@auscert.org.au and we will forward your request to
the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
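The two affected-version lists in the Citrix text above can be applied to a server inventory to separate hosts that need the immediate (critical) update from those that can wait for the normal patching schedule. The following is an added example, not code from Citrix or AusCERT; the version-string format, the hostnames, and the reading of "before 10.9 RP5" as also covering releases older than 10.9 are assumptions.

```python
import re

# From the bulletin: per release, the first rolling patch (RP) that is no
# longer inside the "before RPn" range for each severity class.
CRITICAL_FIXED_RP = {(10, 12): 2, (10, 11): 4, (10, 10): 6, (10, 9): 5}
MEDLOW_FIXED_RP = {(10, 12): 3, (10, 11): 6, (10, 10): 6, (10, 9): 5}
OLDEST_LISTED = (10, 9)

# Assumed inventory format (not from the bulletin): "10.12 RP2", "10.11.0 rp4", "10.10".
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.\d+)*(?:\s*RP\s*(\d+))?\s*$", re.I)

# Constructed sample inventory; hostnames are placeholders.
SAMPLE_INVENTORY = {"xms-a.example": "10.12 RP2", "xms-b.example": "10.9 RP4",
                    "xms-c.example": "10.11 RP6", "xms-d.example": "n/a"}

def parse_version(text):
    """Return ((major, minor), rolling_patch); a missing RP counts as 0."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2))), int(m.group(3) or 0)

def _affected(release, rp, fixed_rp):
    if release < OLDEST_LISTED:
        # Assumption: "before 10.9 RP5" also covers releases older than 10.9.
        return True
    return release in fixed_rp and rp < fixed_rp[release]

def classify(text):
    """Map a version string to the bulletin's remediation urgency."""
    release, rp = parse_version(text)
    if release > max(CRITICAL_FIXED_RP):
        return "not-listed"  # newer than any release the bulletin names
    if _affected(release, rp, CRITICAL_FIXED_RP):
        return "critical"    # bulletin: update immediately
    if _affected(release, rp, MEDLOW_FIXED_RP):
        return "medium-low"  # bulletin: update as patching schedule allows
    return "patched"         # at or above both thresholds in the bulletin

def triage(inventory):
    """inventory: {hostname: version string} -> {hostname: classification}."""
    out = {}
    for host, version in inventory.items():
        try:
            out[host] = classify(version)
        except ValueError:
            out[host] = "unparsed"  # surface for manual review, never skip
    return out
```

Hosts reported as "unparsed" or "not-listed" fall outside what the bulletin states and should be checked by hand against the Citrix article.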