Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability

Vulnerability

A vulnerability allowing limited information disclosure to low-privileged users exists in Citrix ADC and Citrix Gateway versions prior to 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18. Additionally, several Citrix SD-WAN WANOP appliance models prior to 11.1.1a, 11.0.3d, and 10.2.7 are affected. The vulnerability arises from improper access control, which could be exploited to bypass authorization and access sensitive information.

Impact

Exploitation of this vulnerability leads to unauthorized information disclosure.

Reproduction

The vulnerability can be reproduced by sending a POST request to the 'rapi/filedownload' endpoint with a 'filter' parameter that specifies the path of the file to be accessed. The request must include randomized credentials in the headers and, if a session cookie is available, it should be included as well. After obtaining the 'rand' value from a previous response, it can be used to authorize the request and access the specified file, bypassing normal access controls.
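The request shape described above gives defenders a concrete thing to look for in proxy or WAF logs: POST requests to the rapi/filedownload endpoint that carry a 'filter' parameter naming a file. The following is an added detection example, not part of this advisory or of any Citrix tooling; the JSON-per-line log layout, source addresses and file paths are constructed for illustration.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample log (one JSON record per line), modelled on what a reverse
# proxy or WAF in front of the appliance might record. Field names, source
# addresses and file paths are all made up for this example.
SAMPLE_LOG = """\
{"ts":"2026-05-15T10:01:02Z","src":"198.51.100.7","method":"POST","uri":"/rapi/filedownload?filter=%2Fexample%2Fsecret.conf","status":200}
{"ts":"2026-05-15T10:01:05Z","src":"198.51.100.7","method":"POST","uri":"/rapi/filedownload","body":"filter=/example/other.conf","status":200}
{"ts":"2026-05-15T10:02:00Z","src":"203.0.113.4","method":"GET","uri":"/vpn/index.html","status":200}
{"ts":"2026-05-15T10:03:10Z","src":"203.0.113.9","method":"POST","uri":"/rapi/filedownload","body":"filter=/example/report.csv","status":403}
{"ts":"2026-05-15T10:04:00Z","src":"203.0.113.9","method":"POST","uri":"/rapi/filedownload","body":"page=1","status":200}
"""

TARGET_PATH = "/rapi/filedownload"


def filter_values(record):
    """Return every 'filter' value carried in the query string or form body."""
    parts = urlsplit(record.get("uri", ""))
    values = parse_qs(parts.query).get("filter", [])
    values += parse_qs(record.get("body", "")).get("filter", [])
    return values


def find_filedownload_abuse(log_text):
    """Flag POST requests to rapi/filedownload that name a file via 'filter'.

    Each alert records the requester, the requested path and whether the
    appliance served it (HTTP 200), so a responder can separate successful
    disclosure from blocked attempts.
    """
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("method") != "POST":
            continue
        if urlsplit(rec.get("uri", "")).path != TARGET_PATH:
            continue
        for path in filter_values(rec):
            alerts.append({
                "ts": rec["ts"],
                "src": rec["src"],
                "requested_path": path,
                "served": rec.get("status") == 200,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_filedownload_abuse(SAMPLE_LOG):
        print(alert)
```

Requests that carry a 'filter' value only in the body are only visible if the logging layer records form bodies, so the check is strongest when run on WAF or reverse-proxy logs rather than plain access logs.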

Remediation

Users are advised to update to the latest versions of Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP appliances. Instructions for applying the updates can be found on the Citrix Support website.

Added: May 15, 2026, 10:24 AM
Updated: May 15, 2026, 10:24 AM

Vulnerability Rating (Custom Algorithm)

  spread          6.4
  impact          0.6
  exploitability  7.1
  remediation     0.0
  relevance       0.0
  threat          9.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.