CVE-2021-22919Allocation of Resources Without Limits or Throttling in Citrix Application Delivery Controller Firmware

CWE-770Allocation of Resources Without Limits or ThrottlingCWE-284Improper Access ControlCWE-384Session FixationCWE-400Uncontrolled Resource Consumption4 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 33.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Citrix Application Delivery Controller FirmwareCitrix GatewayCitrix Netscaler Gateway+10 more
Timeline
PublishedAug 5
Latest updateMay 24

Description

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages14 packages

NVDcitrix/netscaler_gateway11.111.1-65.22
NVDcitrix/gateway12.112.1-62.27+1

🔴Vulnerability Details

1
GHSA
GHSA-8v5q-r6pr-xg3j: A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citr2022-05-24

📋Vendor Advisories

2
Citrix
CVE-2021-22919: A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citr2021-08-05
Citrix
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update2021-07-19