Citrix CTX330728
History: Nov 09, 2021 - 10:23 a.m.

Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update

2021-11-09 10:23:09
support.citrix.com
CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 37.5%

Vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in the following security issues:

CVE-ID: CVE-2021-22955
  Description: Unauthenticated denial of service
  CWE: CWE-400: Uncontrolled Resource Consumption
  Affected Products: Citrix ADC, Citrix Gateway
  Pre-conditions: Appliance must be configured as a VPN (Gateway) or AAA virtual server
  Criticality: Critical

CVE-ID: CVE-2021-22956
  Description: Temporary disruption of the Management GUI, Nitro API and RPC communication
  CWE: CWE-400: Uncontrolled Resource Consumption
  Affected Products: Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition
  Pre-conditions: Access to NSIP or SNIP with management interface access
  Criticality: Low

CVE-2021-22955: The following supported versions of Citrix ADC and Citrix Gateway are affected by this vulnerability:

  • Citrix ADC and Citrix Gateway 13.0 before 13.0-83.27

  • Citrix ADC and Citrix Gateway 12.1 before 12.1-63.22

  • Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.23

  • Citrix ADC 12.1-FIPS before 12.1-55.257
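
A version check built from the fixed builds listed above for CVE-2021-22955, as an added example that is not part of the Citrix bulletin. The function names, the `fips` flag and the banner form `NS13.0: Build 83.27.nc` are assumptions, and the sample inventory is constructed.

```python
import re

# First fixed build per release train for CVE-2021-22955, from the bulletin.
FIXED_22955 = {"13.0": (83, 27), "12.1": (63, 22), "11.1": (65, 23),
               "12.1-FIPS": (55, 257)}

# Matches the bulletin's notation ("13.0-83.27") and, as an assumption,
# a banner of the form "NS13.0: Build 83.27.nc".
_BUILD_RE = re.compile(r"(\d+\.\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)")


def parse_build(text):
    """Return (release, (build, sub_build)) with the build as integers."""
    m = _BUILD_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised build string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def status_22955(text, fips=False):
    """Return "affected", "fixed", or "not-listed" for one appliance build.

    "not-listed" means the bulletin names no fixed build for that release
    train, so this check cannot decide.
    """
    release, build = parse_build(text)
    fixed = FIXED_22955.get(f"{release}-FIPS" if fips else release)
    if fixed is None:
        return "not-listed"
    # Integer tuples, not strings: 83.3 is older than 83.27.
    return "affected" if build < fixed else "fixed"


def triage(inventory):
    """Map hostname -> status for (hostname, build, fips) records."""
    return {host: status_22955(build, fips) for host, build, fips in inventory}


# Constructed inventory (hypothetical hostnames and builds).
SAMPLE = [
    ("adc-edge-1", "13.0-83.3", False),
    ("adc-edge-2", "NS12.1: Build 63.22.nc", False),
    ("adc-fips-1", "12.1-55.238", True),
    ("adc-lab-1", "13.1-4.43", False),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

An "affected" result covers the build only; per the bulletin, the appliance must also be configured as a VPN (Gateway) or AAA virtual server for CVE-2021-22955 to apply.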

CVE-2021-22956: All supported versions of Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition are affected by this vulnerability until the appliance has been configured according to the Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition - Management Module Configuration Reference Guide.

The following supported versions of Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition support this configuration change:

  • Citrix ADC and Citrix Gateway 13.1-4.43 and later releases

  • Citrix ADC and Citrix Gateway 13.0-83.27 and later releases of 13.0

  • Citrix ADC and Citrix Gateway 12.1-63.22 and later releases of 12.1

  • Citrix ADC and NetScaler Gateway 11.1-65.23 and later releases of 11.1

  • Citrix ADC 12.1-FIPS 12.1-55.257 and later releases of 12.1-FIPS

  • Citrix SD-WAN WANOP Edition 11.4.2 and later releases of 11.4

  • Citrix SD-WAN WANOP Edition 10.2.9c and later releases of 10.2

Please note that the WANOP feature of SD-WAN Premium Edition is not impacted.

This bulletin only applies to customer-managed Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP Edition appliances. Customers using Citrix-managed cloud services do not need to take any action.
