Citrix ADC (previously known as Netscaler): vulnerability allows denial-of-service, patch available

PUBLISHED ON  BY ILEA.CON E.KFM.

Affected Products

Citrix Application Delivery Controller (ADC, previously known as Netscaler) & Gateway
– Version 13, build lower than 13.0-83.27
– Version 12, build lower than 12.1-63.22
– Version 11, build lower than 11.1-65.23
– Citrix ADC 12.1-FIPS, build lower than 12.1-55.257

SD-WAN WANOP
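To turn the build thresholds above into an inventory check, the following script (an added example, not from the advisory or from Citrix) parses build strings in the `MAJOR.MINOR-BUILD.SUB` form the advisory uses and compares them against the fixed builds listed for each major version; the appliance names and their builds are constructed sample data, and the FIPS flag is an assumption about how the edition is recorded in an inventory.

```python
"""Flag Citrix ADC / Gateway builds below the fixed builds in this advisory.
Added example: the build-string format and the fips flag are assumptions."""
import re

# Minimum fixed builds taken from the advisory: (major, fips) -> build string
FIXED_BUILDS = {
    (13, False): "13.0-83.27",
    (12, False): "12.1-63.22",
    (11, False): "11.1-65.23",
    (12, True): "12.1-55.257",   # Citrix ADC 12.1-FIPS has its own fixed build
}

_BUILD_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_build(text):
    """Turn '13.0-83.27' into the comparable tuple (13, 0, 83, 27)."""
    m = _BUILD_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Citrix ADC build string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(build, fips=False):
    """True if the build is older than the fixed build for its major version,
    False if it is at or above it, None if the advisory does not cover it."""
    parsed = parse_build(build)
    fixed = FIXED_BUILDS.get((parsed[0], fips))
    if fixed is None:
        return None
    return parsed < parse_build(fixed)


def classify(build, fips=False):
    state = is_vulnerable(build, fips)
    if state is None:
        return "not covered by this advisory"
    return "vulnerable, patch required" if state else "patched"


# Constructed sample inventory (hypothetical appliance names and builds)
INVENTORY = [("vpx-edge-01", "13.0-82.45", False),
             ("vpx-edge-02", "13.0-83.27", False),
             ("fips-gw-01", "12.1-55.190", True)]

if __name__ == "__main__":
    for name, build, fips in INVENTORY:
        print(f"{name}: {build} -> {classify(build, fips)}")
```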

Known Attack Vectors

Risk level 1 – can be exploited from outside of the corporate network (X)
Risk level 2 – can be exploited from within the corporate network (x)
Risk level 3 – can be exploited on the local machine (x)

Description of the Attack

Denial-of-Service: an unauthenticated attacker can exhaust system resources and cause an outage.

Uncontrolled Resource Consumption: attackers can disrupt the Management GUI, the Nitro API and RPC communication.

Recommendation / Resolution

We recommend installing the latest security patches and reviewing the configuration of the appliance, since the update alone may not close the second vulnerability (disruption of the Management GUI).

Additional Information

https://support.citrix.com/article/CTX330728 (Citrix Article on this vulnerability)

https://support.citrix.com/article/CTX331588 (Citrix Configuration Guide for Delivery Controller, Gateway and SD-WAN WANOP)