Request a Demo
Rewterz
Rewterz Threat Alert – Orcus RAT – Active IOCs
November 15, 2021
Rewterz
Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
November 15, 2021

Rewterz Threat Advisory – Citrix Application Delivery Controller

Severity

High

Analysis Summary

CVE-2021-22955 

Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance models are vulnerable to a denial of service. If an appliance is configured as a VPN (Gateway) or AAA virtual server, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2021-22956 

Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance models are vulnerable to a denial of service. Attacker access to NSIP or SNIP with management interface access could exploit this vulnerability to temporarily disrupt the Management GUI, Nitro API, and RPC communication.

Impact

  • Denial of Service

Affected Vendors

  • Citrix

Affected Products

  • Citrix Gateway 11.1
  • Citrix Gateway 12.1
  • Citrix Gateway 13.0
  • Citrix Application Delivery Controller (ADC) 11.1
  • Citrix Application Delivery Controller (ADC) 12.1
  • Citrix Application Delivery Controller (ADC) 13.0
  • Citrix SD-WAN WANOP Edition 10.2
  • Citrix SD-WAN WANOP Edition 11.4

Remediation

Refer to Citrix Advisory for patch, upgrade or suggested workaround information. See References

https://support.citrix.com/article/CTX330728