CVE-2021-22955
Published 2021-12-07
Priority: P3 · 41 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.89% (54.9th percentile)
An unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server, which could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | application_delivery_controller_firmware | <= 11.1-65.23 | — |
| citrix | application_delivery_controller_firmware | >= 12.1 < 12.1-63.22 | 12.1-63.22 |
| citrix | application_delivery_controller_firmware | >= 13.0 < 13.0-83.27 | 13.0-83.27 |
| citrix | citrix_adc | — | — |
| citrix | citrix_application_delivery_controller | — | — |
| citrix | citrix_gateway | — | — |
| citrix | citrix_sd-wan_wanop | — | — |
| citrix | gateway | < 11.1-65.23 | 11.1-65.23 |
| citrix | gateway | >= 12.1 < 12.1-63.22 | 12.1-63.22 |
| citrix | gateway | >= 13.0 < 13.0-83.27 | 13.0-83.27 |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | sd-wan | — | — |
| citrix | xenserver | — | — |
CVSS provenance
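| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |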
GHSA
GHSA-xwgf-rg8j-2j5x · ghsa_unreviewed · 2021-12-08 · CVE-2021-22955 [HIGH] CWE-400
Citrix
CVE-2021-22955 · vendor_citrix · 2021-12-07 · CVSS 7.5 · [HIGH] CWE-400
Citrix
Citrix Application Delivery Controller and Citrix Gateway Edition appliance Security Update
vendor_citrix · CVSS 7.5 · CVE-2021-22955 [HIGH] CWE-400
CWE
CVE References: CVE-2021-22955, CVE-2021-22956
Affected Products: Citrix ADC, Citrix Application Delivery Controller, Citrix Gateway, Citrix SD-WAN WANOP, NetScaler ADC, NetScaler Gateway, SD-WAN, XenServer
Severity: Critical
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.