Citrix Multiple High Risk Vulnerability Alert

Recently, Citrix officially released multiple security vulnerability risk announcements in the Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP components. Vulnerability impact is high risk.

Citrix Systems Inc. / CC BY (https://creativecommons.org/licenses/by/3.0)

There are multiple security issues in Citrix products. Attackers can send special request packets to cause the following effects: download arbitrary files or upload arbitrary files or implement cross-site scripting attacks or implement a denial of service attacks or obtain sensitive information or authentication bypass or code injection or privilege elevation.

Vulnerability details

Citrix products use PHP to provide web services, and there are multiple errors in their PHP code that lead to the following vulnerabilities.

Affect version

• Citrix ADC and Citrix Gateway: < 13.0-58.30
• Citrix ADC and NetScaler Gateway: < 12.1-57.18
• Citrix ADC and NetScaler Gateway: < 12.0-63.21
• Citrix ADC and NetScaler Gateway: < 11.1-64.14
• NetScaler ADC and NetScaler Gateway: < 10.5-70.18
• Citrix SD-WAN WANOP: < 11.1.1a
• Citrix SD-WAN WANOP: < 11.0.3d
• Citrix SD-WAN WANOP: < 10.2.7
• Citrix Gateway Plug-in for Linux: < 1.0.0.137

Unaffected version

• Citrix ADC and Citrix Gateway: 13.0-58.30
• Citrix ADC and NetScaler Gateway: 12.1-57.18
• Citrix ADC and NetScaler Gateway:12.0-63.21
• Citrix ADC and NetScaler Gateway:11.1-64.14
• NetScaler ADC and NetScaler Gateway:10.5-70.18
• Citrix SD-WAN WANOP: 11.1.1a
• Citrix SD-WAN WANOP: 11.0.3d
• Citrix SD-WAN WANOP: 10.2.7
• Citrix Gateway Plug-in for Linux: 1.0.0.137

Solution

In this regard, we recommend that the users promptly upgrade Citrix series products to the specified version in accordance with the repair recommendations.

The post Citrix Multiple High Risk Vulnerability Alert appeared first on InfoTech News.