Citrix Patches XenMobile Server Flaws, Urges Customers to Upgrade Deployments


Positive Technologies discovered five vulnerabilities, including a path traversal flaw, in XenMobile, Citrix’s flagship endpoint device management solution. The leading VDI provider has patched the vulnerabilities and recommends that customers upgrade to reduce the risk of attacks.

Citrix has patched five vulnerabilities in its XenMobile enterprise mobility management solution. The vulnerabilities, discovered by Positive Technologies’ Andrey Medov, could allow an attacker to gain access to the web server root directory, which hosts configuration files and the encryption keys protecting sensitive data, including domain account credentials. In effect, successful exploitation could expose a gold mine of corporate data held in the XenMobile server.

Andrey Medov, Researcher at Positive Technologies, told Toolbox, “By exploiting the vulnerability affecting the Citrix XenMobile enterprise mobility management solution, cybercriminals could potentially gain information useful for breaching an organization’s network perimeter and obtain domain account credentials. This could be used for access to other resources, such as corporate mail, VPN, and web applications. We’re glad to see that Citrix has released an updated product version and is urging users to install it as soon as possible.”

Citrix XenMobile, also known as Citrix Endpoint Management (CEM), is a mobile device management (MDM) and mobile application management (MAM) solution for businesses. With CEM, organizations can remotely control device and application setup on an employee’s system. It also gives administrators control over updates and security policies on the end device.

In total, there are five vulnerabilities: CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211 and CVE-2020-8212, of which the latter two are rated ‘critical’ with a CVSS score of 9.8. CVE-2020-8208 has a CVSS score of 6.1 (medium severity), while the remaining two vulnerabilities have a CVSS score of 7.5, placing them in the high severity category.

All these vulnerabilities affect versions 10.8 to 10.12: XenMobile Server 10.12 before RP2, XenMobile Server 10.11 before RP4, XenMobile Server 10.10 before RP6, and XenMobile Server before 10.9 RP5. According to Citrix, users need to patch their systems without delay.

Fermin J. Serna, Chief Information Security Officer at Citrix wrote in a blog post, “The latest rolling patches that need to be applied for versions 10.9, 10.10, 10.11, and 10.12 are available immediately. Any versions prior to 10.9.x must be upgraded to a supported version with the latest rolling patch. We recommend that you upgrade to 10.12 RP3, the latest supported version.”

“With access to the domain account, a remote attacker can use the obtained data for authentication on other external company resources, including corporate mail, VPN, and web applications,” explained Medov. He goes on to say that in attacks leveraging the stated vulnerabilities, the perpetrators need to involve an insider from the victim organization, since the database is stored inside the corporate perimeter.

Citrix said no exploits have been observed. Serna adds, “We recommend these upgrades be made immediately. While there are no known exploits as of this writing, we do anticipate malicious actors will move quickly to exploit.”

Citrix also recently updated its threat response process, adding a ‘Vulnerability Response’ section to the Citrix Trust Center.
