CVE-2019-18177 — Sensitive Information Exposure in Citrix Application Delivery Controller Firmware

CWE-200 — Sensitive Information Exposure5 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 41.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Application Delivery Controller Firmware Citrix Gateway Citrix ADC +7 more

Timeline

PublishedDec 26

Description

In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages10 packages

▶NVDcitrix/gateway< 13.0-58.30

▶citrixcitrix/citrix_gateway

▶citrixcitrix/netscaler_gateway

▶NVDcitrix/application_delivery_controller_firmware< 13.0-58.30

▶citrixcitrix/sd-wan

🔴Vulnerability Details

GHSA

GHSA-xqr7-fvpx-w934: In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint↗2022-12-26

▶

📋Vendor Advisories

Citrix

CVE-2019-18177: In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affe↗2022-12-26

▶

Citrix

Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update↗2020-08-17

▶

🕵️Threat Intelligence

Tenable

CVE-2020-8193, CVE-2020-8195, and CVE-2020-8196: Active Exploitation of Citrix Vulnerabilities↗2020-07-15

▶