CVE-2019-18225 — Citrix Application Delivery Controller Firmware vulnerability

4 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.2%

top 57.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Application Delivery Controller Firmware Citrix Gateway Firmware Citrix Netscaler Gateway Firmware +8 more

Timeline

PublishedOct 21

Latest updateMay 24

Description

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages11 packages

▶NVDcitrix/application_delivery_controller_firmware5 versions+4

▶citrixcitrix/netscaler_gateway

▶citrixcitrix/netscaler_adc_gateway

▶NVDcitrix/netscaler_gateway_firmware4 versions+3

▶citrixcitrix/netscaler_adc

🔴Vulnerability Details

GHSA

GHSA-f92g-q2qx-2g3c: An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10↗2022-05-24

▶

📋Vendor Advisories

Citrix

CVE-2019-18225: An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before b↗2019-10-21

▶

Citrix

Citrix Security Bulletin CTX261055↗

▶