
Citrix releases patches to fix vulnerabilities in XenMobile Server


Citrix released patches for 5 vulnerabilities that affect multiple versions of on-premises Citrix Endpoint Management (CEM) instances, also known as XenMobile Server.

On-premises Citrix XenMobile is an enterprise product that provides a unified interface to manage and secure employees’ desktops, notebooks, and mobile devices through a single platform.

Citrix Endpoint Management offers businesses mobile device management (MDM) and mobile application management (MAM) capabilities.

The company recommends that all customers immediately update vulnerable XenMobile Server deployments. There are no known exploits as of now, but attackers are likely to start scanning for vulnerable servers and trying to exploit them right away.

According to a company post, remediations have already been applied to cloud versions, but hybrid rights users need to apply the upgrades to any on-premises instance.

CERTs and customers with active maintenance support were already notified of these security vulnerabilities on July 23.

According to Citrix, more than 70 percent of alerted customers have already upgraded their vulnerable XenMobile Server deployments by applying the latest rolling patches.

The two vulnerabilities tracked as CVE-2020-8208 and CVE-2020-8209 are rated critical and, collectively, could let unauthenticated attackers gain admin control of XenMobile Servers and take them over following successful exploitation.

These flaws could affect the following XenMobile Server versions:

  • XenMobile Server 10.12 before RP2
  • XenMobile Server 10.11 before RP4
  • XenMobile Server 10.10 before RP6
  • XenMobile Server before 10.9 RP5

The remaining three security vulnerabilities tracked as CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212 are rated as medium and low severity, and could make it possible for CEM admins to access unauthorized information if abused.

These flaws could affect the following XenMobile Server versions:

  • XenMobile Server 10.12 before RP3
  • XenMobile Server 10.11 before RP6
  • XenMobile Server 10.10 before RP6
  • XenMobile Server before 10.9 RP5

Citrix stated that the latest rolling patches, which must be applied to versions 10.9, 10.10, 10.11 and 10.12, are available immediately.

Versions prior to 10.9.x must be upgraded to a supported version with the latest rolling patch. The company recommends that customers upgrade to 10.12 RP3, which is the latest supported version.
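The two affected-version lists above differ per release line, so a server can be clear of the critical pair and still need a later rolling patch. The following triage script is an added example, not Citrix code: the function names and the inventory are constructed, and it assumes "before 10.9 RP5" covers every release older than 10.9 as well.

```python
import re

# First fixed rolling patch (RP) per release line, copied from the two lists above.
CRITICAL_FIXED_RP = {(10, 12): 2, (10, 11): 4, (10, 10): 6, (10, 9): 5}  # CVE-2020-8208, CVE-2020-8209
MEDLOW_FIXED_RP = {(10, 12): 3, (10, 11): 6, (10, 10): 6, (10, 9): 5}    # CVE-2020-8210, -8211, -8212
OLDEST_LISTED = (10, 9)  # assumption: anything older is exposed and must be upgraded

# Accepts "10.12 RP3", "10.11.0 rp 4" or a bare "10.10" (treated as no rolling patch).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.\d+)*(?:\s*RP\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor), rolling_patch) for a version string."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised XenMobile version string: {text!r}")
    return (int(m[1]), int(m[2])), int(m[3] or 0)


def _exposed(release, rp, fixed_rp):
    """True/False when the article lists the release, None when it does not."""
    if release < OLDEST_LISTED:
        return True
    if release not in fixed_rp:
        return None
    return rp < fixed_rp[release]


def triage(text):
    """Classify one server as 'critical', 'medium-low', 'patched' or 'unlisted'."""
    release, rp = parse_version(text)
    critical = _exposed(release, rp, CRITICAL_FIXED_RP)
    if critical is None:
        return "unlisted"  # newer than anything in the article: check the vendor bulletin
    if critical:
        return "critical"
    return "medium-low" if _exposed(release, rp, MEDLOW_FIXED_RP) else "patched"


# Constructed inventory: hostnames and versions are made up for the example.
INVENTORY = {"mdm-01": "10.12 RP2", "mdm-02": "10.11 RP6", "mdm-03": "10.10 RP5",
             "mdm-04": "10.8", "mdm-05": "10.12"}

if __name__ == "__main__":
    for host, version in INVENTORY.items():
        print(f"{host:8} {version:12} {triage(version)}")
```
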


Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News
