Citrix fixed flaws in XenMobile that will be likely exploited soon

Pierluigi Paganini August 12, 2020

Citrix addressed multiple vulnerabilities in Citrix Endpoint Management (XenMobile) that can be exploited by an attacker to gain administrative privileges on affected systems.

The Citrix Endpoint Management (CEM), formerly XenMobile, is software that provides mobile device management (MDM) and mobile application management (MAM).

The vulnerabilities that impacted the Citrix XenMobile were tracked as CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212. Citrix confirmed that these flaws could be chained to allow a remote unauthenticated attacker to gain administrative control of a Citrix Endpoint Management (CEM) server,

The impact of the issues depends on the specific version of the software. The vulnerabilities impacting XenMobile server 10.12 before RP2, 10.11 before RP4, 10.10 before RP6, and all versions before 10.9 RP5 have been rated as critical. For XenMobile Server versions 10.12 before RP3, 10.11 before RP6, 10.10 before RP6, and releases prior to 10.9 RP5, the issues have been rated medium or low.

“Today we posted a Security Bulletin covering a set of vulnerabilities in certain on-premises instances of Citrix Endpoint Management (CEM), often referred to as XenMobile Server.” reads the advisory published by Citrix.

“The latest rolling patches that need to be applied for versions 10.9, 10.10, 10.11, and 10.12 are available immediately. Any versions prior to 10.9.x must be upgraded to a supported version with the latest rolling patch.”

The company notified its customers on July 23 and shared details for the issues with the national CERTs around the world.

The company did not provide technical details on the addressed vulnerabilities but revealed that it pre-notified CERTs and customers on July 23. The company is urging users to upgrade their systems.

“We recommend these upgrades be made immediately. While there are no known exploits as of this writing, we do anticipate malicious actors will move quickly to exploit,” continues the advisory.

The flaws were reported by Andrey Medov of Positive Technologies, Glyn Wintle of Tradecraft, and Kristian Bremberg of Detectify.

Experts pointed out that the flaws aren’t trivial to exploit, in order to exploit the issue the attackers need to access target network.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, XenMobile)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment