Threat Advisory - DTLS Amplification Distributed Denial of Service Attack on Citrix ADC and Citrix Gateway
Threat Information Citrix is aware of a DDoS attack pattern impacting Citrix ADC and Citrix Gateway. As part of this attack, an attacker or bots can overwhelm the Citrix ADC DTLS network throughput, potentially leading to outbound bandwidth exhaustion. The effect of this attack appears to be more...
VDA launch failure via Workspace and browser with error "VDA refused connection"
When launching applications after successful gateway authentication from the browser and Citrix Workspace app, users get the error "Gateway authentication failed because VDA refused connection"...
VDA Showing Unregistered in Studio due to error "Test call from Cloud Connector to VDA failed."
VDAs are showing as unregistered in the Studio Console, and the VDA event log shows the error below: Test call from Cloud Connector to VDA failed...
CVE-2014-3566 - Citrix Security Advisory for SSLv3 Protocol Flaw
Description of Problem The recently disclosed protocol flaw in SSLv3, referred to as CVE-2014-3566 or POODLE, could expose some deployments that support SSLv3 to a risk of an active Man in the Middle (MITM) attack. A successful attack could lead to the disclosure of the information that is being se...
CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance
Description of Problem A vulnerability has been identified in Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, that, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution. The scop...
Citrix Security Advisory for CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832.
Citrix is aware of four vulnerabilities affecting Apache Log4j2, three of which may allow an attacker to execute arbitrary code. These three vulnerabilities have been given the following identifiers: CVE-2021-44228, CVE-2021-45046, CVE-2021-44832. The fourth vulnerability may allow an attacker to cause a denial of...
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update
Vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in the following security issues: CVE-ID|...
Citrix Hypervisor Security Update
Description of Problem Two security issues have been identified in Citrix Hypervisor (formerly Citrix XenServer) that may allow privileged code in a guest VM to cause the host to crash or become unresponsive. These issues affect all currently supported versions of Citrix Hypervisor up to and...
Citrix Workspace App Security Update
Description of Problem A vulnerability has been identified that could result in a local user escalating their privilege level to SYSTEM on the computer running Citrix Workspace app for Windows. The vulnerability has the following identifier: CVE ID| Description| Vulnerability Type| Pre-conditions...
Citrix ShareFile storage zones controller security update
Description of Problem A security issue has been identified in the Citrix ShareFile storage zones controller which, if exploited, would allow an unauthenticated attacker to remotely compromise the storage zones controller. The issue has been given the following identifier: CVE-ID | Description |...
Citrix Federated Authentication Service (FAS) Security Update
An issue has been identified in Citrix Federated Authentication Service (FAS) which causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider...
Citrix Hypervisor Security Update
Description of Problem A security issue has been identified that may allow privileged code running in a guest VM to compromise the host. This issue is limited to only those guest VMs where the host administrator has explicitly assigned a PCI passthrough device to the guest VM. The issue has the...
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508
Vulnerabilities have been discovered in Citrix ADC and Citrix Gateway that, if exploited, could result in a denial of service. These vulnerabilities have the following identifiers: CVE-ID| Description| CWE| Pre-conditions ---|---|---|--- CVE-2022-27507| Authenticated denial of service| CWE-400:...
Event: 1050 Connection validation failed on domain for user for reason 'Deny'
SSL Certificate handshake is not successful for ICA sessions since the VDAs are not enabled for SSL communications. Mismatch of License edition configured on Studio...
Citrix Hypervisor Security Update
Several security issues have been identified that affect Citrix Hypervisor: Two issues, each of which may allow privileged code in a guest VM to cause the host to crash or become unresponsive. These two issues only affect systems where the malicious guest VM has a physical PCI device passed...
Citrix Hypervisor Security Update
Description of Problem A security issue has been identified that may allow privileged code running in a guest VM to which a PCI passthrough device has been allocated to cause other VMs with PCI passthrough devices to fail to boot, crash or become unresponsive. This only applies to guest VMs where...
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-24487, CVE-2023-24488
Vulnerabilities have been discovered in Citrix ADC and Citrix Gateway listed below, that, if exploited, could result in the following security issues: Impacted Products, Versions and Components The following supported versions of Citrix ADC and Citrix Gateway are affected by this vulnerability:...
PVS target BSOD on CVhdMp.sys
The VMware-based PVS target boots from the vdisk to the message "Attempting to set IP address on Boot NIC..." and 60 seconds later BSODs. The vdisk will boot successfully on the master target device, but not on other devices...
Citrix Virtual Apps and Desktops Security Update
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM. This...
Citrix Virtual Apps and Desktops Security Update
Description of Problem Vulnerabilities have been identified in Citrix Virtual Apps and Desktops that could, if exploited, result in: An authenticated user of a multi-session Windows VDA, who has been granted permission to write to c:\ root directory, being able to escalate their privilege level on that...
Citrix Hypervisor Security Update
Description of Problem Several security issues have been identified that, collectively, may allow privileged code running in a guest VM to compromise the host or cause a denial of service. These vulnerabilities have the following identifiers: CVE ID| Description| Vulnerability Type| Pre-condition...
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27509
A vulnerability has been discovered in Citrix ADC and Citrix Gateway which enables an attacker to create a specially crafted URL that redirects to a malicious website. This vulnerability has the following identifier: CVE-ID| Description| CWE| Pre-conditions ---|---|---|--- CVE-2022-27509|...
User session fails to launch session Received an invalid packet during its ?? handshake phase
In the System Event log on the VDA, a TDICA event 1019 appears. "The Citrix TDICA Transport Driver connection from xxx.xxx.xxx.xxx: to port 443 received an invalid packet during its ?? handshake phase" There is however no issue launching the session and no disconnection takes place. In this scenario th...
Citrix ShareFile storage zones controller security update
An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected “Enable Encryption” in the ShareFile storage...
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update
Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in the following security issue...
PVS boot time message "Attempting to set IP address on Boot NIC.......complete after 51s."
Target devices show a boot time message "Attempting to set IP address on Boot NIC.......complete after 51s." This message was not observed in earlier versions of PVS target device software like PVS 1912...
Citrix Security Advisory for TCP/IP Reassembly Resource Exhaustion
Description of Problem Several vulnerabilities in TCP/IP reassembly commonly known as SegmentSmack and FragmentSmack have recently been disclosed. SegmentSmack is CVE-2018-5390 for Linux and CVE-2018-6922 for FreeBSD. FragmentSmack is CVE-2018-5391 for Linux and CVE-2018-6923 for FreeBSD. These...
Citrix Secure Mail for Android Security Update
Description of Problem Vulnerabilities have been discovered in Citrix Secure Mail for Android that could allow unauthorised access to data within Citrix Secure Mail. These vulnerabilities have the following identifiers: CVE ID| Description| Vulnerability Type| Pre-conditions ---|---|---|--- CVE-2020-8274|...
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424
Severity - Critical Description of Problem Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer below for further details. Affected Versions The following supported versions of NetScaler ADC and NetScaler Gateway a...
VDA Registration Step by Step and Troubleshoot common VDA Registration Failures
This article explains the step-by-step process of VDA registration and how to troubleshoot common VDA registration failure issues...
Citrix Cloud Connector Security Update
A vulnerability has been identified in Citrix Cloud Connector that may result in sensitive information being stored in the Citrix Cloud Connector installation log files which, if exploited, could allow access to a customer’s Citrix Cloud environment. CVE ID| Description| Vulnerability Type|...
XenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142
Description of Problem Two issues have been identified that affect XenServer and Citrix Hypervisor; each issue may allow malicious unprivileged code in a guest VM to infer the contents of memory belonging to its own or other VMs on the same host. These issues have the following identifiers:...
Citrix Endpoint Management (XenMobile Server) Security Bulletin for CVE-2021-44519, CVE-2021-44520, and CVE-2022-26151
Vulnerabilities have been discovered in Citrix Endpoint Management (XenMobile Server), which, collectively, may allow a XenMobile console user with either an admin role or a custom role that has ‘Create Support Bundles’ enabled, to gain root access to the underlying OS. CVE-ID| Description| CWE|...
Citrix Hypervisor Security Update
Two security issues have been identified in Citrix Hypervisor 8.2 LTSR, each of which may allow privileged code in a guest VM to cause the host to crash or become unresponsive. These issues only affect Citrix Hypervisor 8.2 LTSR. These issues have the following CVE identifiers: CVE-2021-3416...
Citrix Hypervisor Security Bulletin for CVE-2022-3643, CVE-2022-42328 & CVE-2022-42329
Several security issues have been identified in Citrix Hypervisor 8.2 LTSR CU1, each of which may allow a privileged user in a guest VM to cause the host to become unresponsive or crash. These issues have the following CVE identifiers: CVE-2022-3643 CVE-2022-42328 CVE-2022-42329...
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967
Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Affected Versions: The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities: NetScaler ADC and NetScaler...
Citrix StoreFront Security Bulletin for CVE-2023-5914
A vulnerability has been discovered in Citrix StoreFront, which, if exploited, may result in a Cross-site scripting (XSS) attack. Affected Versions: The following supported versions of Citrix StoreFront are affected by the vulnerability: Current Release (CR) Citrix StoreFront before 2308.1 Citrix...
Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516
Vulnerabilities have been discovered in Citrix Gateway and Citrix ADC, listed below. Note that only appliances that are operating as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) are affected by the first issue, which is rated as a Critical severity vulnerability. CVE-ID| Description| CWE| Affect...
Windows Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2024-6151
Description of Problem A vulnerability has been identified that impacts Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS. Refer to below for further details: Affected Versions The vulnerability affects the following supported versions of Windows Virtual...
SAML Intermittence on Citrix Gateway: Internal server error 43524
Users may experience intermittent issues during the SAML configuration process on Citrix Gateway. This can result in unpredictable behavior, with some users successfully accessing the SAML login while others encounter an "Internal server error 43524" message...
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467
Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities: NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13...
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518
A vulnerability has been discovered in Citrix Gateway and Citrix ADC, listed below, that, if exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance. CVE-ID| Description| CWE| Affected Products| Pre-conditions ---|---|---|---|---...
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549
Two vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Affected Versions: The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities: NetScaler ADC and NetScaler...
Citrix Secure Access client for Windows Security Bulletin for CVE-2023-24491
A vulnerability has been discovered in the Citrix Secure Access client for Windows. The following supported versions are affected by the vulnerability: Versions before 23.5.1.3 The issue has the following identifier:...
NetScaler shows an error stating "String length exceeds maximum [passplain, 31]"
When trying to update an existing certificate file with a new certificate file, upon clicking 'Ok', you see the following error appear: "String length exceeds maximum [passplain, 31]" The attempt to save the changes fails because of the error that appears...
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update
Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in the followin...
CVE-2019-11634 - Remote Code Execution Vulnerability in Citrix Workspace app and Receiver for Windows
Description of Problem A vulnerability has been identified in Citrix Workspace app and Receiver for Windows that could result in local drive access preferences not being enforced, allowing an attacker read/write access to the client's local drives, which could enable code execution on the client...
Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. The vulnerability has been given the following identifier: CVE ID| Description| Vulnerability Type|...
Citrix ShareFile storage zones Controller multiple security updates
Description of Problem Security issues have been identified in customer-managed Citrix ShareFile storage zone controllers. These vulnerabilities, if exploited, would allow an unauthenticated attacker to compromise the storage zones controller potentially giving an attacker the ability to access...
Citrix XenServer 7.2 Multiple Security Updates
Description of Problem A number of security issues have been identified within Citrix XenServer 7.2 which could, if exploited, allow a malicious man-in-the-middle (MiTM) attacker on the management network to decrypt management traffic. Collectively, this has been rated as a medium severity...