=====================================================================
CERT-Renater Note d'Information No. 2024/VULN116
_____________________________________________________________________

DATE                 : 13/03/2024
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running Citrix SDWAN.
=====================================================================

https://support.citrix.com/article/CTX617071/citrix-sdwan-security-bulletin-for-cve20242049
_____________________________________________________________________

CTX617071
Citrix SDWAN Security Bulletin for CVE-2024-2049

Security Bulletin | Severity: Medium | Created: 12 Mar 2024 | Modified: 12 Mar 2024 | Status: Final

Applicable Products

  Citrix SD-WAN

Description of Problem

A vulnerability has been identified that impacts Citrix SD-WAN.

Affected Versions:

The vulnerability affects the following supported versions of Citrix SD-WAN:

  SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46

Summary:

Citrix SD-WAN contains the vulnerability listed below.

  CVE ID         Description                                 Pre-requisites                    CWE                                    CVSS
  -------------  ------------------------------------------  --------------------------------  -------------------------------------  ----
  CVE-2024-2049  If exploited, an attacker may disclose      Access to the management          CWE-918 (Server-Side Request Forgery)  6.5
                 limited information from the appliance      interface

Mitigating Factors

CVE-2024-2049 only impacts the Citrix SD-WAN management interface. Customers may perform one of the following workarounds to reduce the risk of exploitation of this CVE.

WorkAround-1: Cloud Software Group strongly recommends that network traffic to the appliance's management interface be separated, either physically or logically, from normal network traffic. In addition, we recommend that users do not expose the management interface to the internet. Doing so significantly reduces the risk of exploitation of this issue. Please see the following 'Best Practices for Deployment of CITRIX SD-WAN' article for more information: https://support.citrix.com/article/CTX228225/best-practices-for-deployment-of-citrix-sdwan.
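Before deciding which appliances need a workaround or an upgrade, a practitioner has to map an inventory of build numbers onto the range the bulletin declares affected (on or after 11.4.0 and before 11.4.4.46). The following Python is an added example, not code from Citrix, Cloud Software Group or CERT-Renater; it compares builds component-wise as integers so that 11.4.4.9 sorts before 11.4.4.46 (a naive string comparison would not), treats missing trailing components as zero, and flags builds it cannot parse rather than silently calling them safe. The hostnames and builds in the sample inventory are constructed for illustration.

```python
"""Added example (not part of the Citrix bulletin or the CERT-Renater note):
classify Citrix SD-WAN Standard/Premium builds against the CVE-2024-2049
affected range published in CTX617071.

Range as published: on or after 11.4.0 (inclusive) and before 11.4.4.46
(exclusive); 11.4.4.46 and later contain the fix.
"""
from __future__ import annotations

import re

AFFECTED_FROM = "11.4.0"   # inclusive lower bound, from the bulletin
FIXED_IN = "11.4.4.46"     # first fixed build, from the bulletin

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_version(version: str) -> tuple[int, ...]:
    """Turn a dotted build string into an integer tuple: '11.4.4.46' -> (11, 4, 4, 46)."""
    version = version.strip()
    if not _VERSION_RE.match(version):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(part) for part in version.split("."))


def version_lt(a: str, b: str) -> bool:
    """True if build a sorts strictly before build b.

    Missing trailing components count as zero, so '11.4' == '11.4.0' and
    '11.4.4' sorts before '11.4.4.46'. Components are compared as integers,
    so '11.4.4.9' correctly sorts before '11.4.4.46'.
    """
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return ta < tb


def classify(version: str) -> str:
    """Return 'below_range', 'affected' or 'fixed' for one build.

    'below_range' means older than 11.4.0: the bulletin does not assess such
    builds, so they must not be read as safe, only as outside the published range.
    """
    if version_lt(version, AFFECTED_FROM):
        return "below_range"
    if version_lt(version, FIXED_IN):
        return "affected"
    return "fixed"


def is_affected(version: str) -> bool:
    """True if the build is >= 11.4.0 and < 11.4.4.46."""
    return classify(version) == "affected"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group appliance names by status; unparseable builds get their own bucket."""
    out: dict[str, list[str]] = {
        "affected": [], "fixed": [], "below_range": [], "unparseable": [],
    }
    for host, build in inventory.items():
        try:
            out[classify(build)].append(host)
        except ValueError:
            out["unparseable"].append(host)
    return out


# Constructed sample inventory; hostnames and builds are made up for illustration.
SAMPLE_INVENTORY = {
    "sdwan-mcn-01": "11.4.4.45",  # last build before the fix: affected
    "sdwan-mcn-02": "11.4.4.46",  # the fixed build itself
    "sdwan-br-01": "11.4.0",      # first affected build
    "sdwan-br-02": "11.3.2.17",   # older than the published range
    "sdwan-br-03": "11.4.4",      # read as 11.4.4.0, i.e. affected
    "sdwan-lab-01": "unknown",    # cannot be assessed
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Feed `triage()` the build numbers exported from your management tooling; anything in the `affected` bucket needs the 11.4.4.46 upgrade or the workarounds described in this bulletin, and anything in `unparseable` or `below_range` needs a manual look rather than being dropped from the list.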
WorkAround-2: In addition to separating the appliance's management interface from network traffic, Cloud Software Group has created a script that can be run on the vulnerable appliance to reduce the risk of exploitation for customers who may not be able to install the relevant updated versions. Customers may reach out to Support for further guidance or information on this workaround.

What Customers Should Do

Cloud Software Group recommends that affected customers of Citrix SD-WAN install the relevant updated versions as soon as their upgrade schedule permits.

Citrix SD-WAN versions that contain the fixes are:

  SD-WAN Standard/Premium Editions 11.4.4.46 and later releases

As a reminder, Cloud Software Group has announced a Notice of Status Change for the Citrix SD-WAN product line to explain the Citrix SD-WAN life cycle management milestones as well as important information regarding dates and options during this period: https://support.citrix.com/article/CTX465114/notice-of-change-announcement-for-citrix-citrix-sdwan

What Citrix is Doing

Citrix is notifying customers and channel partners about this potential security issue through the publication of this security bulletin on the Citrix Knowledge Center at https://support.citrix.com/securitybulletins.

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.

Subscribe to Receive Alerts

Citrix strongly recommends that all customers subscribe to receive alerts when a Citrix security bulletin is created or modified at https://support.citrix.com/user/alerts.

Reporting Security Vulnerabilities to Citrix

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously.
For details on our vulnerability response process and guidance on how to report security-related issues to Citrix, please see the following webpage: https://www.citrix.com/about/trust-center/vulnerability-process.html.
_____________________________________________________________________

Disclaimer

This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information in the document is at your own risk. Citrix reserves the right to change or update this document at any time. Customers are therefore recommended to always view the latest version of this document directly from the Citrix Knowledge Center.

Changelog

  2024-03-12T16:00:00Z  Initial publication

=========================================================
+ CERT-RENATER            | tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel        | fax : 01-53-94-20-41         +
+ 75013 Paris             | email: cert@support.renater.fr +
=========================================================