
Citrix XenMobile Server – Path Traversal

Andrey Medov, a penetration tester at Positive Technologies, recently published an article on a path traversal vulnerability (CVE-2020-8209) in Citrix Endpoint Management (CEM), often referred to as XenMobile Server. He discovered the vulnerability, and Citrix pre-notified customers on July 23rd.

The vulnerability affects the following XenMobile Server versions:

·    10.12 before RP2

·    10.11 before RP4

·    10.10 before RP6

·    versions before 10.9 RP5

The vulnerability lies in the help-sb-download.jsp page, which builds a file path from user-supplied input without confining the result to the intended directory. An unauthenticated user can therefore read arbitrary files from the server, including configuration files that contain passwords.

Mitigation with BIG-IP Advanced WAF

A malicious request targeting this CVE will resemble the requests in Figure 1.

Figure 1 Malicious requests targeting this CVE

Advanced WAF customers on any supported BIG-IP version are already protected against this vulnerability: an exploitation attempt is detected by several of the existing Directory Traversal attack signatures. As with any signature-based protection, this assumes the signature set is attached to the security policy, the relevant signatures are enforced rather than left in staging, and the policy is in blocking mode.

Figure 2 Exploit request detected by various Directory traversal signatures
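As an added example (not code from this article, from Citrix, or from BIG-IP Advanced WAF), the Python below shows the two halves of the story: the bug class in the JSP page, where a user-supplied file name is joined to a directory with no containment check, next to a hardened version, and the request normalisation a directory-traversal signature depends on, run over a handful of constructed request lines. The request path /help-sb-download.jsp and the sbFileName parameter are taken from public write-ups of CVE-2020-8209 rather than from this page; the directory /opt/sas/sb, the function names and the sample requests are constructed for the example and do not reflect the real product layout.

```python
"""Added example: path-traversal bug class vs. hardened resolver, plus the
decode-then-match step a WAF traversal signature relies on.

Assumptions (not from the article): the parameter name sbFileName and the
URL path /help-sb-download.jsp come from public write-ups of CVE-2020-8209;
/opt/sas/sb is a made-up base directory; the request lines are constructed.
"""
import posixpath
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

SUPPORT_BUNDLE_DIR = "/opt/sas/sb"  # hypothetical base directory


def vulnerable_resolve(sb_file_name: str) -> str:
    """Mirrors the bug class: user input is appended to the base directory
    and normalised, but nothing checks that the result stays inside it."""
    return posixpath.normpath(SUPPORT_BUNDLE_DIR + "/" + sb_file_name)


def safe_resolve(sb_file_name: str) -> Optional[str]:
    """Hardened form: decode (twice, to collapse double encoding), reject any
    separator or NUL, then confirm the normalised path is still under the
    base directory. Returns None for anything that should be refused."""
    decoded = unquote(unquote(sb_file_name))
    if not decoded or "/" in decoded or "\\" in decoded or "\x00" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(SUPPORT_BUNDLE_DIR, decoded))
    if candidate == SUPPORT_BUNDLE_DIR:
        return None  # "." would hand back the directory itself
    if posixpath.commonpath([candidate, SUPPORT_BUNDLE_DIR]) != SUPPORT_BUNDLE_DIR:
        return None  # ".." or similar escaped the directory
    return candidate


# After normalisation every separator is "/", so one pattern covers both.
TRAVERSAL_RE = re.compile(r"\.\.(?:/|$)")


def normalize(value: str) -> str:
    """Percent-decode until the value stops changing (bounded), then fold
    backslashes to slashes. This is why a signature can match "%2e%2e%2f"
    and "..%252F" as well as a literal "../"."""
    current = value
    for _ in range(3):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current.replace("\\", "/")


def classify_request(request_line: str) -> Dict[str, object]:
    """Inspect the URI path and every query value of one HTTP request line
    and report which normalised values look like a traversal attempt."""
    _method, target, _version = request_line.split(" ", 2)
    parts = urlsplit(target)
    suspects: List[str] = [parts.path]
    for values in parse_qs(parts.query, keep_blank_values=True).values():
        suspects.extend(values)
    matched = [normalize(s) for s in suspects if TRAVERSAL_RE.search(normalize(s))]
    return {"blocked": bool(matched), "matched": matched}


# Constructed request lines: three traversal attempts with increasing
# encoding, one legitimate download, and an unrelated page.
SAMPLE_REQUESTS = [
    "GET /help-sb-download.jsp?sbFileName=../../../../etc/passwd HTTP/1.1",
    "GET /help-sb-download.jsp?sbFileName=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1",
    "GET /help-sb-download.jsp?sbFileName=..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1",
    "GET /help-sb-download.jsp?sbFileName=support-bundle-2020-08-11.zip HTTP/1.1",
    "GET /index.jsp HTTP/1.1",
]


def run_samples() -> List[bool]:
    """Return the block/allow verdict for each sample request, in order."""
    return [bool(classify_request(r)["blocked"]) for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for req, blocked in zip(SAMPLE_REQUESTS, run_samples()):
        print("BLOCK" if blocked else "allow", req)
    print(vulnerable_resolve("../../../../etc/passwd"), safe_resolve("../../../../etc/passwd"))
```

The vulnerable resolver turns `../../../../etc/passwd` into `/etc/passwd` because normpath happily walks above the base directory; the hardened one refuses it before any file access. On the detection side, note that the signature only sees `../` after decoding, which is why a real WAF normalises the request (and, for double encoding, decodes more than once) before signatures are evaluated.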

Published Nov 19, 2020
Version 1.0