Citrix Gateway

CVE-2023-24487: Arbitrary File Read in Citrix ADC & Gateway
CVE-2023-24487 7.5 - High - July 10, 2023

Arbitrary file read in Citrix ADC and Citrix Gateway?

CVE-2023-24488: XSS in Citrix ADC & Gateway
CVE-2023-24488 6.1 - Medium - July 10, 2023

Cross site scripting vulnerability in Citrix ADC and Citrix Gateway? in allows and attacker to perform cross site scripting

XSS

Authenticated DoS in Microsoft Outlook
CVE-2022-27507 6.5 - Medium - January 26, 2023

Authenticated denial of service

Resource Exhaustion

Unauthenticated DoS Vulnerability (CVE-2022-27508)
CVE-2022-27508 7.5 - High - January 26, 2023

Unauthenticated denial of service

Resource Exhaustion

Citrix ADC/Gateway 13.0-58.30 Authenticated Info Disclosure via SSL VPN
CVE-2019-18177 6.5 - Medium - December 26, 2022

In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.

Unauthenticated Remote Arbitrary Code Execution (CVE-2022-27518)
CVE-2022-27518 9.8 - Critical - December 13, 2022

Unauthenticated remote arbitrary code execution

Improper Control of a Resource Through its Lifetime

Moodle login brute-force bypass
CVE-2022-27516 9.8 - Critical - November 08, 2022

User login brute force protection functionality bypass

Improper Restriction of Excessive Authentication Attempts

Ubiquiti UniFi: Unauthorized Access to Gateway User Capabilities
CVE-2022-27510 9.8 - Critical - November 08, 2022

Unauthorized access to Gateway user capabilities

authentification

RDP Takeover via Phishing Microsoft
CVE-2022-27513 9.6 - Critical - November 08, 2022

Remote desktop takeover via phishing

Insufficient Verification of Data Authenticity

Unauth Open Redirect to Malicious Site in Web App
CVE-2022-27509 6.1 - Medium - July 28, 2022

Unauthenticated redirection to a malicious website

Open Redirect

A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could
CVE-2021-22955 7.5 - High - December 07, 2021

A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.

Resource Exhaustion

An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23
CVE-2021-22956 7.5 - High - December 07, 2021

An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.

Resource Exhaustion

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider
CVE-2021-22927 8.1 - High - August 05, 2021

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.

Session Fixation

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway)
CVE-2021-22919 7.5 - High - August 05, 2021

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.

Allocation of Resources Without Limits or Throttling

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway)
CVE-2021-22920 6.5 - Medium - August 05, 2021

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a SAML authentication hijack to steal a valid user session.

Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control
CVE-2020-8300 - June 16, 2021

Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.

Authorization

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers
CVE-2020-8299 - June 16, 2021

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.

Resource Exhaustion