Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193)

Description

Citrix ADC NetScaler is affected by an unauthenticated local file inclusion vulnerability (CVE-2020-8193) that allows remote attackers to access sensitive system files. The flaw stems from improper access controls in the web interface and lets attackers read arbitrary files from the appliance's filesystem, potentially exposing configuration data, credentials, and other confidential information.

Remediation

Apply the security updates provided by Citrix immediately by following these steps:
1. Review Citrix Security Bulletin CTX276688 to determine whether your appliance version is affected
2. Download the appropriate security update or upgrade to a patched version as specified in the bulletin
3. Schedule a maintenance window and apply the update following Citrix's upgrade procedures
4. Verify the patch installation by checking the appliance version post-update
5. Review access logs for any suspicious file access attempts made before the patch was applied
6. As an interim mitigation, restrict network access to the management interface using firewall rules or access control lists until patching is complete