CVE-2021-22956
Published 2021-12-07
Priority P3 · 43 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.89% (55.0th percentile)
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | application_delivery_controller_firmware | < 11.1-65.23 | 11.1-65.23 |
| citrix | application_delivery_controller_firmware | >= 12.1 < 12.1-63.22 | 12.1-63.22 |
| citrix | application_delivery_controller_firmware | >= 13.0 < 13.0-83.27 | 13.0-83.27 |
| citrix | citrix_adc | — | — |
| citrix | citrix_application_delivery_controller | — | — |
| citrix | citrix_gateway | — | — |
| citrix | citrix_sd-wan_wanop | — | — |
| citrix | gateway | < 11.1-65.23 | 11.1-65.23 |
| citrix | gateway | >= 12.1 < 12.1-63.22 | 12.1-63.22 |
| citrix | gateway | >= 13.0 < 13.0-65.23 | 13.0-65.23 |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | sd-wan | < 10.2.9c | 10.2.9c |
| citrix | sd-wan | — | — |
| citrix | sd-wan | >= 11.4.0 < 11.4.2 | 11.4.2 |
| citrix | xenserver | — | — |
CVSS provenance
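| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |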
Citrix
vendor_citrix · 2021-12-07 · CVSS 7.5
CVE-2021-22956 [HIGH] CWE-400
CVE-2021-22956: An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
Citrix
MaxClient on Httpd
vendor_citrix·CVSS 7.5
CVE-2021-22956 [HIGH] MaxClient on Httpd
CVE References: CVE-2021-22956
Affected Products: Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP, NetScaler Gateway, XenServer
Remediation:
To address this issue, a setting, 'maxclientForHttpdInternalService', has been introduced in the following versions:
- Citrix ADC and Citrix Gateway 13.1-4.43 and later releases of 13.1
- Citrix ADC and Citrix Gateway 13.0-83.27 and later releases of 13.0
- Citrix ADC and Citrix Gateway 12.1-63.22 and later releases of 12.1
- Citrix ADC and NetScaler Gateway 11.1-65.23 and later releases of 11.1
- Citrix ADC 12.1-FIPS 12.1-55.257 and later releases of 12.1-FIPS
- Citrix SD-WAN WANOP Edition 11.4.2 and later releases of 11.4
- Citrix SD-WAN WANOP Edition 10.2.9c and later releases of 10.2

Remediation configuration
1. Log on to the appliance via
Citrix
Citrix Application Delivery Controller and Citrix Gateway Edition appliance Security Update
vendor_citrix·CVSS 7.5
CVE-2021-22955 [HIGH] CWE-400 Citrix Application Delivery Controller and Citrix Gateway Edition appliance Security Update
CVE References: CVE-2021-22955, CVE-2021-22956
Affected Products: Citrix ADC, Citrix Application Delivery Controller, Citrix Gateway, Citrix SD-WAN WANOP, NetScaler ADC, NetScaler Gateway, SD-WAN, XenServer
Severity: Critical
GHSA
GHSA-cvqf-ghwg-56gj
ghsa_unreviewed · 2021-12-08
CVE-2021-22956 [HIGH] CWE-400
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-12-07