Application Delivery Controller Firmware Security Vulnerabilities and Issues — Application Delivery Controller Firmware CVE List

Lucene search

CitrixApplication Delivery Controller Firmware

30 matches found

CVE•added 2019/12/27 2:15 p.m.•2435 views

CVE-2019-19781

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

9.8CVSS9.8AI score0.94442EPSS

CVE•added 2020/07/10 4:15 p.m.•1062 views

CVE-2020-8193

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.

6.5CVSS6.5AI score0.94349EPSS

CVE•added 2020/07/10 4:15 p.m.•1020 views

CVE-2020-8196

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.

4.3CVSS5AI score0.6387EPSS

CVE•added 2020/07/10 4:15 p.m.•1018 views

CVE-2020-8195

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.

6.5CVSS6.2AI score0.85271EPSS

CVE•added 2022/12/13 5:15 p.m.•736 views

CVE-2022-27518

Unauthenticated remote arbitrary code execution

9.8CVSS9.8AI score0.09825EPSS

CVE•added 2022/11/08 10:15 p.m.•685 views

CVE-2022-27510

Unauthorized access to Gateway user capabilities

9.8CVSS9.6AI score0.00697EPSS

CVE•added 2022/11/08 10:15 p.m.•265 views

CVE-2022-27513

Remote desktop takeover via phishing

9.6CVSS9.3AI score0.00234EPSS

CVE•added 2020/07/10 4:15 p.m.•159 views

CVE-2020-8194

Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.

6.5CVSS6.8AI score0.79516EPSS

CVE•added 2022/11/08 10:15 p.m.•112 views

CVE-2022-27516

User login brute force protection functionality bypass

9.8CVSS7.4AI score0.00026EPSS

CVE•added 2019/10/21 6:15 p.m.•109 views

CVE-2019-18225

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain ap...

9.8CVSS9.4AI score0.002EPSS

CVE•added 2021/08/05 9:15 p.m.•95 views

CVE-2021-22919

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk ...

7.5CVSS7.5AI score0.00698EPSS

CVE•added 2022/12/26 9:15 p.m.•87 views

CVE-2019-18177

In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.

6.5CVSS6.5AI score0.00204EPSS

CVE•added 2022/07/28 2:15 p.m.•85 views

CVE-2022-27509

Unauthenticated redirection to a malicious website

6.1CVSS6.2AI score0.0028EPSS

CVE•added 2020/07/10 4:15 p.m.•77 views

CVE-2020-8191

6.1CVSS6.2AI score0.90676EPSS

CVE•added 2020/07/10 4:15 p.m.•73 views

CVE-2020-8187

Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.

7.5CVSS7.8AI score0.00623EPSS

CVE•added 2017/12/13 4:29 p.m.•71 views

CVE-2017-17382

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a RO...

5.9CVSS6.3AI score0.77766EPSS

CVE•added 2021/08/05 9:15 p.m.•69 views

CVE-2021-22927

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.

8.1CVSS7.8AI score0.003EPSS

CVE•added 2020/07/10 4:15 p.m.•66 views

CVE-2020-8190

Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.

7.5CVSS8.1AI score0.00268EPSS

CVE•added 2020/07/10 4:15 p.m.•65 views

CVE-2020-8197

Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.

8.8CVSS8.9AI score0.0071EPSS

CVE•added 2017/09/26 2:29 p.m.•59 views

CVE-2017-14602

A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53....

9CVSS7AI score0.01175EPSS

CVE•added 2020/07/10 4:15 p.m.•58 views

CVE-2020-8198

6.1CVSS6.5AI score0.0039EPSS

CVE•added 2021/12/07 2:15 p.m.•53 views

CVE-2021-22955

A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27,

7.5CVSS7.4AI score0.0067EPSS

CVE•added 2020/09/18 9:15 p.m.•52 views

CVE-2020-8246

Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-...

7.5CVSS7.5AI score0.00506EPSS

CVE•added 2021/12/07 2:15 p.m.•51 views

CVE-2021-22956

An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27,

7.5CVSS7.3AI score0.00506EPSS

CVE•added 2020/09/18 9:15 p.m.•50 views

CVE-2020-8245

Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11...

6.1CVSS6.9AI score0.0039EPSS

CVE•added 2018/05/17 7:29 p.m.•48 views

CVE-2018-7218

The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS9.7AI score0.06191EPSS

CVE•added 2021/06/16 2:15 p.m.•47 views

CVE-2020-8299

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-...

6.5CVSS6.3AI score0.00246EPSS

CVE•added 2021/06/16 2:15 p.m.•47 views

CVE-2020-8300

Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must ...

6.5CVSS6.5AI score0.12609EPSS

CVE•added 2020/09/18 9:15 p.m.•45 views

CVE-2020-8247

8.8CVSS8.8AI score0.00355EPSS

CVE•added 2017/12/13 4:29 p.m.•41 views

CVE-2017-17549

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS w...

5.9CVSS5.5AI score0.00343EPSS