7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
37.5%
Vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in the following security issues:
CVE-ID | Description | CWE | Affected Products | Pre-conditions | Criticality |
---|---|---|---|---|---|
CVE-2021-22955 | Unauthenticated denial of service | CWE-400: Uncontrolled Resource Consumption | Citrix ADC, Citrix Gateway | Appliance must be configured as a VPN (Gateway) or AAA virtual server | Critical |
CVE-2021-22956 | Temporary disruption of the Management GUI, Nitro API and RPC communication | CWE-400: Uncontrolled Resource Consumption | Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition | Access to NSIP or SNIP with management interface access | Low |
CVE-2021-22955: The following supported versions of Citrix ADC and Citrix Gateway are affected by this vulnerability:
Citrix ADC and Citrix Gateway 13.0 before 13.0-83.27
Citrix ADC and Citrix Gateway 12.1 before 12.1-63.22
Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.23
Citrix ADC 12.1-FIPS before 12.1-55.257
CVE-2021-22956: All supported versions of Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition are affected by this vulnerability until the appliance has been configured according to the Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition - Management Module Configuration Reference Guide.
The following supported versions of Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition support this configuration change:
Citrix ADC and Citrix Gateway 13.1-4.43 and later releases
Citrix ADC and Citrix Gateway 13.0-83.27 and later releases of 13.0
Citrix ADC and Citrix Gateway 12.1-63.22 and later releases of 12.1
Citrix ADC and NetScaler Gateway 11.1-65.23 and later releases of 11.1
Citrix ADC 12.1-FIPS 12.1-55.257 and later releases of 12.1-FIPS
Citrix SD-WAN WANOP Edition 11.4.2 and later releases of 11.4
Citrix SD-WAN WANOP Edition 10.2.9c and later releases of 10.2
Please note that the WANOP feature of SD-WAN Premium Edition is not impacted.
This bulletin only applies to customer-managed Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP Edition appliances. Customers using Citrix-managed cloud services do not need to take any action.
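An added example, not part of the Citrix bulletin: a Python check of a Citrix ADC or Citrix Gateway build string against the build numbers listed above, for triaging an appliance inventory. The accepted input forms (`13.0-83.27` as written in this bulletin, or a `NS13.0: Build 83.27.nc` style string), the function names, and the `fips` and `vpn_or_aaa_vserver` parameters are assumptions; SD-WAN WANOP version strings are not handled.

```python
import re

# Build numbers copied from the bulletin text above; key is (release, is_fips).
FIXED_22955 = {
    ("13.0", False): (83, 27),
    ("12.1", False): (63, 22),
    ("11.1", False): (65, 23),
    ("12.1", True): (55, 257),
}
# First builds that support the CVE-2021-22956 management configuration change.
CONFIG_22956 = {**FIXED_22955, ("13.1", False): (4, 43)}

# Release (e.g. 13.0), any separator, then build.sub (e.g. 83.27).
_VERSION_RE = re.compile(r"(\d+\.\d+)\D+?(\d+)\.(\d+)")


def parse_build(text):
    """Return (release, (build, sub)) with the build parts as integers."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def assess(text, fips=False, vpn_or_aaa_vserver=True):
    """Map each CVE in the bulletin to a status for one appliance."""
    release, build = parse_build(text)
    key = (release, fips)
    status = {}

    fixed = FIXED_22955.get(key)
    if fixed is None:
        status["CVE-2021-22955"] = "release not listed in bulletin"
    elif build >= fixed:  # integer tuples, so 65.3 sorts below 65.23
        status["CVE-2021-22955"] = "fixed"
    elif vpn_or_aaa_vserver:
        status["CVE-2021-22955"] = "affected"
    else:
        status["CVE-2021-22955"] = "vulnerable build, pre-condition not met"

    support = CONFIG_22956.get(key)
    if support is None:
        status["CVE-2021-22956"] = "release not listed in bulletin"
    elif build >= support:
        status["CVE-2021-22956"] = "apply management module configuration"
    else:
        status["CVE-2021-22956"] = "upgrade, then apply configuration"
    return status
```

The `fips` flag matters because the 12.1-FIPS fixed build (12.1-55.257) is numerically lower than the standard 12.1 fixed build (12.1-63.22), so the same string gives a different answer on each track.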
CPE
Name | Operator | Version |
---|---|---|
citrix adc | ge | 13.1 |
citrix adc | le | 4.43 |
citrix gateway | ge | 13.1 |
citrix gateway | le | 4.43 |
citrix adc | ge | 13.0 |
citrix adc | le | 83.27 |