Citrix Netscaler Gateway Firmware vulnerabilities

31 known vulnerabilities affecting citrix/netscaler_gateway_firmware.

Total CVEs

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL6HIGH9MEDIUM16

Vulnerabilities

Page 1 of 2

CVE-2020-8197HIGHCVSS 8.8≥ 10.5, < 10.5-70.18≥ 11.1, < 11.1-64.14+2 more2020-07-10

CVE-2020-8197 [HIGH] CVE-2020-8197: Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1 Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.

nvd

CVE-2020-8187HIGHCVSS 7.5≥ 11.1, < 11.1-63.9≥ 12.0, < 12.0-62.102020-07-10

CVE-2020-8187 [HIGH] CWE-20 CVE-2020-8187: Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.

nvd

CVE-2020-8190HIGHCVSS 7.5≥ 10.5, < 10.5-70.18≥ 11.1, < 11.1-64.14+2 more2020-07-10

CVE-2020-8190 [HIGH] CWE-281 CVE-2020-8190: Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.

nvd

CVE-2020-8198MEDIUMCVSS 6.1≥ 10.5, < 10.5-70.18≥ 11.1, < 11.1-64.14+2 more2020-07-10

CVE-2020-8198 [MEDIUM] CWE-79 CVE-2020-8198: Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 1 Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).

nvd

CVE-2020-8195MEDIUMCVSS 6.5KEVPoC≥ 10.5, < 10.5-70.18≥ 11.1, < 11.1-64.14+2 more2020-07-10

CVE-2020-8195 [MEDIUM] CWE-20 CVE-2020-8195: Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 1 Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.

nvd

CVE-2020-8196MEDIUMCVSS 4.3KEVPoC≥ 10.5, < 10.5-70.18≥ 11.1, < 11.1-64.14+2 more2020-07-10

CVE-2020-8196 [MEDIUM] CWE-284 CVE-2020-8196: Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12. Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.

nvd

CVE-2020-8193MEDIUMCVSS 6.5KEVPoC≥ 10.5, < 10.5-70.18≥ 11.1, < 11.1-64.14+2 more2020-07-10

CVE-2020-8193 [MEDIUM] CWE-284 CVE-2020-8193: Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12. Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.

nvd

CVE-2020-8191MEDIUMCVSS 6.1ExploitedPoC≥ 10.5, < 10.5-70.18≥ 11.1, < 11.1-64.14+2 more2020-07-10

CVE-2020-8191 [MEDIUM] CWE-79 CVE-2020-8191: Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 1 Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).

nvd

CVE-2020-8194MEDIUMCVSS 6.5PoC≥ 10.5, < 10.5-70.18≥ 11.1, < 11.1-64.14+2 more2020-07-10

CVE-2020-8194 [MEDIUM] CWE-94 CVE-2020-8194: Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12 Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.

nvd

CVE-2019-19781CRITICALCVSS 9.8KEVPoCv10.5v11.1+2 more2019-12-27

CVE-2019-19781 [CRITICAL] CWE-22 CVE-2019-19781: An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0 An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

nvd

CVE-2019-18225CRITICALCVSS 9.8v10.5v11.1+2 more2019-10-21

CVE-2019-18225 [CRITICAL] CVE-2019-18225: An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 buil An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly use

nvd

CVE-2019-12044HIGHCVSS 7.5≥ 10.5.0, < 10.5.70≥ 11.1.0, < 11.1.59.10+2 more2019-05-22

CVE-2019-12044 [HIGH] CWE-119 CVE-2019-12044: A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59. A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.

nvd

CVE-2019-6485MEDIUMCVSS 5.9v10.5v11.0+3 more2019-02-22

CVE-2019-6485 [MEDIUM] CWE-327 CVE-2019-6485: Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 1 Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain s

nvd

CVE-2018-18517MEDIUMCVSS 4.8≥ 10.5.0, < 10.5.69.003≥ 11.1.0, < 11.1.59.004+2 more2018-10-24

CVE-2018-18517 [MEDIUM] CWE-79 CVE-2018-18517: Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58 Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS.

nvd

CVE-2018-7218CRITICALCVSS 9.8v10.5v11.0+2 more2018-05-17

CVE-2018-7218 [CRITICAL] CVE-2018-7218: The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gate The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors.

nvd

CVE-2018-6809CRITICALCVSS 9.8v10.5v11.0+2 more2018-03-06

CVE-2018-6809 [CRITICAL] CVE-2018-6809: NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow rem NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.

nvd

CVE-2018-6810HIGHCVSS 7.5v10.5v11.0+2 more2018-03-06

CVE-2018-6810 [HIGH] CWE-22 CVE-2018-6810: Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.

nvd

CVE-2018-6808HIGHCVSS 7.5v10.5v11.0+2 more2018-03-06

CVE-2018-6808 [HIGH] CWE-200 CVE-2018-6808: NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow rem NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.

nvd

CVE-2018-6811MEDIUMCVSS 6.1v10.5v11.0+2 more2018-03-06

CVE-2018-6811 [MEDIUM] CWE-79 CVE-2018-6811: Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12 Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface.

nvd

CVE-2017-17549MEDIUMCVSS 5.9v10.5v11.0+2 more2017-12-13

CVE-2017-17549 [MEDIUM] CWE-200 CVE-2017-17549: Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13 Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemer

nvd

1 / 2Next →