Citrix Gateway vulnerabilities
15 known vulnerabilities affecting citrix/citrix_gateway.
Total CVEs: 15
CISA KEV: 3 (actively exploited)
Public exploits: 1
Exploited in wild: 4
Severity breakdown: CRITICAL 2, HIGH 9, MEDIUM 4
Vulnerabilities
CVE-2024-8534 | HIGH | CVSS 8.4 | CWE-119 | 2024-11-14
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-8534 and CVE-2024-8535
of Problem Two vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer below for further details.
CVE References: CVE-2024-8534, CVE-2024-8535
Affected Products: Citrix ADC, Citrix Gateway, NetScaler ADC, NetScaler
CVE-2023-24487 | HIGH | CVSS 7.5 | CWE-253 | 2024-07-13
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-24487, CVE-2023-24488
CVE-2023-24488: Cross site scripting. Pre-requisites: Appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. CWE: CWE-79
CVE-2023-24487: Arbitrary file read. Pre-requisites: Access to NSIP or SNIP with management interface access. CWE: CWE-253
Instructions Affected customers of Citri
CVE-2024-5491 | HIGH | CVSS 7.2 | CWE-119 | 2024-07-09
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-5491 and CVE-2024-5492
of Problem Two vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer to below for further details:
CVE References: CVE-2024-5491, CVE-2024-5492
Affected Products: Citrix ADC, Citrix Gateway, NetScaler ADC, NetSca
CVE-2023-6548 | HIGH | CVSS 8.8 | CWE-119 | KEV | 2024-01-16
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549
CVE-2023-6548: Authenticated (low privileged) remote code execution on Management Interface. Pre-requisites: Access to NSIP, CLIP or SNIP with management interface access. CWE: CWE-94
CVE-2023-6549: Denial of Service and Out-Of-Bounds Memory Read. Pre-requisites: Appliance must be configured as a Gateway (VPN vi
CVE-2023-4966 | HIGH | CVSS 7.5 | CWE-119 | KEV | PoC | 2023-10-17
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967
CVE-2023-4966: Sensitive information disclosure. Pre-requisites: Application must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. CWE: CWE-119
CVE-2023-4967: Denial of service. Pre-requisites: Appliance must be configured as a Gateway (VPN virtual server, ICA Prox
CVE-2023-3466 | MEDIUM | CVSS 6.1 | CWE-20 | 2023-07-18
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467
CVE-2023-3466 (Citrix ADC, Citrix Gateway): Reflected Cross-Site Scripting (XSS). Pre-requisites: Requires victim to access an attacker-controlled link in the browser while being on a network with connectivity to the NSIP. CWE: CWE-20
CVE-2023-3467 (Citrix ADC, Citrix Gateway): Privileg
CVE-2022-27518 | CRITICAL | CVSS 9.8 | CWE-664 | KEV | 2022-12-13
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518
CVE References: CVE-2022-27518
Affected Products: Citrix ADC, Citrix Gateway, XenServer
Severity: Critical
CVE-2022-27510 | CRITICAL | CVSS 9.8 | CWE-288 | Exploited | 2022-11-10
Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516
CVE References: CVE-2022-27510, CVE-2022-27513, CVE-2022-27516
Affected Products: Citrix ADC, Citrix Gateway, XenServer
Severity: Critical
CVE-2021-22919 | HIGH | CVSS 7.5 | CWE-284 | 2021-07-19
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update
CVE References: CVE-2021-22919, CVE-2021-22920, CVE-2021-22927
Affected Products: Citrix ADC, Citrix Application Delivery Controller, Citrix Gateway, Citrix SD-WAN WANOP, NetScaler ADC, NetScaler Gateway, Workspace, XenServer
Severity:
CVE-2020-8299 | MEDIUM | CVSS 6.5 | CWE-284 | 2021-06-08
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update
CVE References: CVE-2020-8299, CVE-2020-8300
Affected Products: Citrix ADC, Citrix Application Delivery Controller, Citrix Gateway, Citrix SD-WAN WANOP, Citrix Workspace App, NetScaler ADC, NetScaler Gateway, Workspace, XenServer
Sever
CVE-2020-8245 | MEDIUM | CVSS 6.1 | CWE-269 | 2020-09-18
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update
of Problem Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabil
CVE-2019-18177 | MEDIUM | CVSS 6.5 | 2020-08-17
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update
of Problem Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities,
CVE-2022-21827 | HIGH | CVSS 7.1 | CWE-284
Citrix Gateway Plug-in for Windows Security Bulletin for CVE-2022-21827
CVE-2022-21827: Arbitrary corruption or deletion of files as SYSTEM. CWE: CWE-284: Improper Access Control. Pre-conditions: Local access to a machine that has the vulnerable plug-in installed
The following supported versions of Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) are affected by this vulnerabili
CVE-2021-22956 | HIGH | CVSS 7.5
MaxClient on Httpd
CVE References: CVE-2021-22956
Affected Products: Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP, NetScaler Gateway, XenServer
Remediation:
To address this issue, a setting, 'maxclientForHttpdInternalService', has been introduced in the following versions: Citrix ADC and Citrix Gateway 13.1-4.43 and later releases of 13.1; Citrix ADC and Citrix Gateway 13.0-83.27 and later releases of 13.0; Citrix ADC and Citrix Gateway 12.1-63.22 and
CVE-2021-22955 | HIGH | CVSS 7.5 | CWE-400
Citrix Application Delivery Controller and Citrix Gateway Edition appliance Security Update
CVE References: CVE-2021-22955, CVE-2021-22956
Affected Products: Citrix ADC, Citrix Application Delivery Controller, Citrix Gateway, Citrix SD-WAN WANOP, NetScaler ADC, NetScaler Gateway, SD-WAN, XenServer
Severity: Critical