CVE-2019-18177
published 2022-12-26CVE-2019-18177: In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects…
PriorityP434medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.58%
43.2th percentile
In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | application_delivery_controller_firmware | < 13.0-58.30 | 13.0-58.30 |
| citrix | citrix_adc | — | — |
| citrix | citrix_application_delivery_controller | — | — |
| citrix | citrix_gateway | — | — |
| citrix | citrix_sd-wan_wanop | — | — |
| citrix | gateway | < 13.0-58.30 | 13.0-58.30 |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | sd-wan | — | — |
| citrix | xenserver | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xqr7-fvpx-w934: In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint
ghsa_unreviewed·2022-12-26
CVE-2019-18177 [MEDIUM] CWE-200 GHSA-xqr7-fvpx-w934: In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint
In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.
Citrix
CVE-2019-18177: In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affe
vendor_citrix·2022-12-26·CVSS 6.5
CVE-2019-18177 [MEDIUM] CWE-200 CVE-2019-18177: In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affe
CVE-2019-18177: In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.
Citrix
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update
vendor_citrix·2020-08-17·CVSS 6.5
CVE-2019-18177 [MEDIUM] Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update
of Problem Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in a number of security issues including: Attacks that are limited to the management interface System compromise by an unauthenticated user on the management network. System compromise through Cross Site Scripting (XSS) on the management interface Creation of a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, may result in the c
No detection rules found.
No public exploits indexed.
2022-12-26
Published