CVE-2019-19781
CVE-2019-19781 affects Citrix ADC (formerly NetScaler) and Citrix Gateway/SD-WAN WANOP appliances. The issue is a path traversal flaw in the ADC/Gateway stack that could enable remote code execution. Exploitation was discussed publicly with advisories and mitigations; Citrix released fixes and mi...
CVE-2020-8193
CVE-2020-8193 affects Citrix ADC and Citrix Gateway (and Citrix SD-WAN WANOP) with unauthenticated access to certain endpoints due to improper access control. Affected releases include Citrix ADC/Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, 10.5-70.18 and WAN-OP version...
CVE-2020-8195
CVE-2020-8195 involves improper input validation in Citrix ADC and Citrix Gateway (and Citrix SD-WAN WAN-OP) prior to version 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18, plus WAN-OP 11.1.1a/11.0.3d/10.2.7. It results in limited information disclosure to low-privileged users. T...
CVE-2020-8196
CVE-2020-8196 is an information-disclosure vulnerability in Citrix ADC/Gateway and Citrix SD-WAN WANOP where improper access control allows limited data exposure to low-privilege users. Affected versions include Citrix ADC/Gateway prior to 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-...
CVE-2022-27518
CVE-2022-27518 affects Citrix ADC and Citrix Gateway when configured as a SAML SP or SAML IdP. The vulnerability allows unauthenticated remote arbitrary code execution. Citrix’s security bulletin CTX474995 lists affected versions: ADC/Gateway 13.0 before 13.0-58.32; 12.1 before 12.1-65.25; 12.1-F...
CVE-2022-27510
CVE-2022-27510 affects Citrix ADC and Citrix Gateway and allows unauthorized access to Gateway user capabilities. According to CTX463706, affected versions are Citrix ADC/Gateway 12.1.x before 12.1-65.21 (12.1-FIPS before 12.1-55.289), 13.0.x before 13.0-88.12, and 13.1.x before 13.1-33.47. T...
CVE-2022-27513
CVE-2022-27513 affects Citrix Gateway and Citrix ADC, enabling remote desktop takeover via phishing when the gateway is configured as a Gateway/RDP proxy. The issue, tracked in Citrix Security Bulletin CTX463706, is tied to specific appliance versions: Citrix ADC/Gateway 12.1.x before 12.1-65.21 ...
CVE-2020-8194
CVE-2020-8194 affects Citrix ADC and Citrix NetScaler Gateway (and Citrix SD-WAN WANOP family) with a remote code injection flaw described as reflected code injection. Affected versions include Citrix ADC/NetScaler Gateway before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18, and...
CVE-2022-27516
CVE-2022-27516 describes a bypass of the login brute-force protection in Citrix Gateway/ADC. Affected products/versions per CTX463706: Citrix ADC/Gateway 12.1.x before 12.1-65.21 (12.1-65.21 included in FIPS/NDcPP), 13.0.x before 13.0-88.12, 13.1.x before 13.1-33.47 (also 12.1-FIPS before 12.1-55...
CVE-2019-18225
CVE-2019-18225 affects Citrix ADC (NetScaler ADC) and Citrix Gateway via an authentication bypass in the management interface. Affected products/versions include Citrix ADC/Gateway 13.0 before build 41.28; 12.1 before 54.16; 12.0 before 62.10; 11.1 before 63.9; 10.5 before 70.8. The issue allows an att...
CVE-2021-22919
CVE-2021-22919 affects Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliances. The vulnerability could exhaust available disk space. Affected versions (per CTX319135) include WANOP: 10.2 before 10.2.9.b, 11.2 before 11.2.3.b, 11.3 before 11.3.2.a, 11.4 before 11.4.0.a; ADC/Gateway...
CVE-2019-18177
CVE-2019-18177 affects Citrix ADC and Citrix Gateway (13.0-58.30 and later prior to CTX276688 update). The issue is an information disclosure exploitable by an authenticated VPN user when a configured SSL VPN endpoint exists. The root cause is exposure of protected information via the SSL VPN end...
CVE-2022-27509
CVE-2022-27509 describes an unauthenticated redirect vulnerability in Citrix ADC and Citrix Gateway. A victim user clicking an attacker-crafted link can be redirected to a malicious website due to insufficient data authenticity verification (CWE-345). Affected appliance versions include Citrix AD...
CVE-2020-8191
CVE-2020-8191 concerns Citrix ADC and Citrix Gateway (and related WAN-OP components) with a reflected Cross-Site Scripting (XSS) vulnerability caused by improper input validation. Affected versions include Citrix ADC and Citrix Gateway before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10....
CVE-2020-8187
Citrix CTX276688 documents CVE-2020-8187 (and related CVEs) affecting Citrix ADC/NetScaler Gateway and Citrix SD-WAN WANOP appliances. Problem: improper input validation leads to unauthenticated denial of service via the management interface on affected versions. Affected products include Citrix ...
CVE-2017-17382
CVE-2017-17382 affects Citrix NetScaler ADC and NetScaler Gateway (versions 10.5 before 67.13, 11.0 before 71.22, 11.1 before 56.19, and 12.0 before 53.22). The root cause is a Bleichenbacher RSA padding oracle that could allow a remote attacker to decrypt TLS ciphertext, i.e., a ROBOT-style atta...
CVE-2021-22927
CVE-2021-22927 affects Citrix ADC and Citrix Gateway when configured as a SAML Service Provider. The vulnerability is a session fixation flaw that could allow an attacker to hijack a user session. Affected versions include Citrix ADC/Gateway 13.0 before 13.0-82.45 (and older 12.1/11.1 lines as li...
CVE-2020-8190
CVE-2020-8190 is a local elevation of privileges vulnerability in Citrix ADC and Citrix Gateway (and implicated Citrix SD-WAN WANOP appliances) caused by incorrect file permissions. It requires an authenticated user on the NSIP to exploit and can lead to privilege escalation within the device co...
CVE-2020-8197
CVE-2020-8197 affects Citrix ADC and Citrix Gateway (management interface). Vulnerable on versions 13.0-58.30 and earlier: 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18. A low-privileged user with management access can execute arbitrary commands (privilege escalation). Remediation: apply fix...
CVE-2017-14602
CVE-2017-14602 is an authentication-bypass flaw in the Citrix NetScaler ADC/NetScaler Gateway management interface. Affected versions include NetScaler ADC and Gateway 10.1 before 135.18, 10.5 before 66.9, 10.5e before 60.7010.e, 11.0 before 70.16, 11.1 before 55.13, and 12.0 before 53.13 (except...
CVE-2021-22955
CVE-2021-22955 is an unauthenticated DoS vulnerability affecting Citrix ADC and Citrix Gateway (and, in the related CVE-2021-22956, Citrix SD-WAN WANOP) when appliances are configured as a VPN/Gateway or AAA virtual server. Affected versions include 13.0 before 83.27, 12.1 before 63.22, 11.1 ...
CVE-2020-8198
CVE-2020-8198 describes improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18, and Citrix SD-WAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7, resulting in Stored Cross-Site Scripting (XSS). Connected sources...
CVE-2020-8300
CVE-2020-8300 affects Citrix ADC and Citrix NetScaler Gateway (multiple versions) and enables SAML authentication hijack via phishing to steal a valid user session when the appliance is configured as a SAML SP or IdP. Affected versions include 13.0-82.41, 12.1-62.23, 11.1-65.20 and 12.1-FIPS befo...
CVE-2021-22956
CVE-2021-22956 is an uncontrolled resource consumption vulnerability in Citrix ADC and related appliances that can be triggered by an attacker with management-interface access (NSIP/SNIP) to cause a temporary disruption of the Management GUI, Nitro API, and RPC communications. The issue affects m...
CVE-2020-8245
Citrix advisory CTX281474 details CVE-2020-8245 affecting Citrix ADC, Citrix Gateway, and related SD-WAN WANOP appliances. Root cause: HTML Injection due to improper input validation in the SSL VPN web portal. Impact: HTML content injection by an authenticated victim who must open an attacker-con...
CVE-2020-8246
Vulnerability summary (CVE-2020-8246): A DoS vulnerability in Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP is triggered by an attack originating from the management network. Affected versions include Citrix ADC and Gateway 13.0-64.35 and later, 12.1-58.15 and later, 12.1-FIPS 12.1-55.187 ...
CVE-2020-8299
CVE-2020-8299 affects Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition with a network-based DoS caused by uncontrolled resource consumption within the same Layer 2 segment. Affected versions listed in public disclosures include Citrix ADC/Gateway 13.0 before 13.0-76.29, 12.1 before 12....
CVE-2018-7218
CVE-2018-7218 affects Citrix NetScaler ADC and NetScaler Gateway AppFirewall, enabling remote arbitrary code execution via unspecified vectors. Affected versions include 10.5 up to 68.7, 11.0 up to 71.24, 11.1 up to 58.13, and 12.0 up to 57.24. The vulnerability has been addressed in newer builds...
CVE-2020-8247
CVE-2020-8247 affects Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP where the vulnerability resides in the management interface and allows escalation of privileges (CWE-269). Affected versions include Citrix ADC/Gateway 13.0-64.35+, 12.1-58.15+, 12.1-FIPS 12.1-55.187+, 11.1-65.12+, 11.2.1a+...
CVE-2017-17549
Citrix NetScaler ADC and NetScaler Gateway are affected by CVE-2017-17549, enabling information disclosure from the backend client TLS handshake when TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange are used. Affected virtual appliances include NetScaler ADC/Gateway ...