An unauthorized redirect vulnerability has been identified in Citrix NetScaler ADC

Symptoms

An unauthorized redirect vulnerability has been identified in Citrix NetScaler ADC that could allow a remote attacker to obtain session cookies of a redirected AAA user. The vulnerability affects the following versions of Citrix NetScaler ADC:

  • Version 11.1 earlier than 11.1 Build 47.14
  • Version 11.0 earlier than 11.0 Build 65.31/65.35F
  • Version 10.5 earlier than 10.5 Build 60.7
  • Version 10.1 earlier than 10.1 Build 135.8


Cause

An unauthorized redirect on Citrix NetScaler ADC could result in session hijacking.

Resolution

1. Affected versions of the NetScaler ADC should be upgraded as soon as possible to a version of the appliance firmware that contains the fixes for this issue, to avoid being exploited:

Version 11.1.48.10 and higher

2. Customers on all currently supported versions (including all NetScaler ADC 11.1 builds) that use an AAA authentication virtual server should also implement the following configuration change. Perform the following steps from the NSCLI:


  • Ensure that the Load-Balancing virtual server IP address is non-routable from the external world:

add lb vserver <internal_vserver> SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180 -AuthenticationHost <authentication_hostname> -Authentication ON -authnVsName <auth_vserver> -authnProfile <auth_profile>

  • Bind this virtual server entity to a service to allow traffic to be routed to the back-end server:

add service <backend_service> <ip_addr> HTTP 80 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO

bind lb vserver <internal_vserver> <backend_service>
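As an added example (not part of the Citrix advisory), the following Python audit reads an ns.conf excerpt and checks the two mitigation steps above: every load-balancing vserver with -Authentication ON must be non-addressable (0.0.0.0 port 0, as in the command above) and must have a service bound. The ns.conf lines are constructed sample input; treating any VIP other than 0.0.0.0:0 as addressable is an assumption made to approximate "non-routable from the external world".

```python
import shlex

# Constructed sample ns.conf excerpt (not from the advisory): internal_vs follows the
# guidance; public_vs keeps a routable VIP; orphan_vs is non-addressable but has no service.
SAMPLE_NS_CONF = """
add lb vserver internal_vs SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180 -AuthenticationHost auth.example.test -Authentication ON -authnVsName auth_vs -authnProfile auth_prof
add lb vserver public_vs SSL 203.0.113.10 443 -persistenceType NONE -Authentication ON -authnVsName auth_vs
add lb vserver orphan_vs SSL 0.0.0.0 0 -Authentication ON -authnVsName auth_vs
add lb vserver plain_vs HTTP 203.0.113.11 80 -persistenceType NONE
add service backend_svc 10.0.0.5 HTTP 80 -gslb NONE -maxClient 0 -cip DISABLED -usip NO
bind lb vserver internal_vs backend_svc
"""

def parse_options(tokens):
    """Turn NSCLI '-key value' pairs and bare '-flag' tokens into a dict."""
    opts, i = {}, 0
    while i < len(tokens):
        key = tokens[i]
        if key.startswith("-") and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            opts[key], i = tokens[i + 1], i + 2
        else:
            opts[key], i = True, i + 1
    return opts

def parse_ns_conf(conf_text):
    """Collect 'add lb vserver' definitions and 'bind lb vserver <name> <service>' bindings."""
    vservers, bindings = {}, {}
    for line in conf_text.splitlines():
        toks = shlex.split(line)
        if toks[:3] == ["add", "lb", "vserver"] and len(toks) >= 7:
            vservers[toks[3]] = {"type": toks[4], "ip": toks[5], "port": toks[6],
                                 "opts": parse_options(toks[7:])}
        elif toks[:3] == ["bind", "lb", "vserver"] and len(toks) >= 5 and not toks[4].startswith("-"):
            bindings.setdefault(toks[3], []).append(toks[4])  # skip policy bindings
    return vservers, bindings

def audit_aaa_vservers(conf_text):
    """Return findings for AAA-enabled LB vservers that deviate from the advisory's guidance."""
    vservers, bindings = parse_ns_conf(conf_text)
    findings = []
    for name, vs in vservers.items():
        if str(vs["opts"].get("-Authentication", "")).upper() != "ON":
            continue  # not AAA-protected; out of scope for this check
        if vs["ip"] != "0.0.0.0" or vs["port"] != "0":
            findings.append(f"{name}: AAA vserver has an addressable VIP {vs['ip']}:{vs['port']}")
        if name not in bindings:
            findings.append(f"{name}: AAA vserver has no service bound")
    return findings
```

Run `audit_aaa_vservers(open("ns.conf").read())` against a saved configuration; an empty list means every AAA-protected vserver matches the two steps above.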