cancel
Showing results for 
Search instead for 
Did you mean: 
Harsh_Chawla
F5 Employee
F5 Employee

Andrey Medov, a penetration tester at Positive Technologies recently published an article on a Path traversal vulnerability (CVE-2020-8209) in Citrix Endpoint Management (CEM), often referred to as XenMobile Server. The vulnerability was first discovered by him and Citrix pre-notified customers on July 23rd.

The vulnerability affects the following XenMobile Server versions:

·    10.12 before RP2

·    10.11 before RP4

·    10.10 before RP6

·    versions before 10.9 RP5

The vulnerability found within help-sb-download.jsp file allows an unauthorized user to read arbitrary files, including configuration files containing passwords.

Mitigation with BIG-IP Advanced WAF

A malicious request targeting this CVE will resemble the requests in Figure 1.

0EM1T000002JKy8.png

0EM1T000002JKy9.png

Figure 1 Malicious requests targeting this CVE

Advanced WAF customers under any supported BIG-IP version are already protected against this vulnerability. An exploitation attempt will be detected by many existing attack signatures for directory traversal attempt.

0EM1T000002JKyA.png

0EM1T000002JKyB.png

0EM1T000002JKyC.png

0EM1T000002JKyD.png

0EM1T000002JKyE.png

0EM1T000002JKyF.png

Figure 2 Exploit request detected by various Directory traversal signatures

Version history
Last update:
‎19-Nov-2020 13:23
Updated by:
Contributors