Citrix fixes 11 flaws in ADC, Gateway, and SD-WAN WANOP appliances


Citrix today patched a set of 11 vulnerabilities found to affect its Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP (appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO) networking products.


According to Citrix, these vulnerabilities are not related to the CVE-2019-19781 remote code execution flaw the company patched in January 2020, and they do not affect cloud versions of Citrix appliances.


The patches released today by Citrix fully resolve all the security issues, and customers are urged to apply them as soon as possible to defend against potential attacks designed to exploit them.


Citrix is not aware of any active exploitation of these issues in the wild and says that 5 of the 11 security vulnerabilities also have barriers preventing exploitation.


"There are barriers to many of these attacks; in particular, for customers where there is no untrustworthy traffic on the management network, the remaining risk reduces to a denial-of-service attack," Citrix's CISO Fermin J. Serna explains.


"And in that case, only when Gateway or authentication virtual servers are being used. Other virtual servers, for example, load balancing and content switching virtual servers, are not affected by the issue."


Even though the barriers lower the risk of exploitation, Citrix strongly recommends that customers apply the patches as quickly as possible.


Denial of service, privilege escalation, and code injection


A security advisory with detailed information on these vulnerabilities and links to all the firmware updates is available on the Citrix website.


A list of all vulnerabilities fixed by Citrix in ADC, Gateway ..