Citrix tells everyone not to worry too much over its latest security patches. NSA's former top hacker disagrees

Citrix tells everyone not to worry too much over its latest security patches. NSA's former top hacker disagrees

Citrix has issued patches for 11 CVE-listed security vulnerabilities in its various networking products.


The bundle includes fixes for one code injection bug, three information disclosure flaws, three elevation of privilege bugs, two cross-site scripting vulnerabilities, one denial-of-service hole, and one authorization-bypass flaw.


Affected gear includes the Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP. So far there have been no reports of any of the bugs being targeted in the wild, though Rob Joyce, former head of the NSA's Tailored Access Operations elite hacking team, warns it's time for admins to get busy – and so soon after patches emerged for vulns in citrix tells everyone worry latest security patches former hacker disagrees