Citrix Products Multiple Vulnerabilities

Impact

• Denial of Service

System / Technologies affected

• Citrix ADC and Citrix Gateway 13.0 before 13.0-83.27 
• Citrix ADC and Citrix Gateway 12.1 before 12.1-63.22 
• Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.23 
• Citrix ADC 12.1-FIPS before 12.1-55.257
• Citrix SD-WAN WANOP Edition 11.4 before 11.4.2 
• Citrix SD-WAN WANOP Edition 10.2 before 10.2.9c 

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

• The vendor has issued a fix:
  Citrix ADC and Citrix Gateway 13.1-4.43 and later releases of 13.1
  Citrix ADC and Citrix Gateway 13.0-83.27 and later releases of 13.0
  Citrix ADC and Citrix Gateway 12.1-63.22 and later releases of 12.1
  Citrix ADC and NetScaler Gateway 11.1-65.23 and later releases of 11.1
  Citrix ADC 12.1-FIPS 12.1-55.257 and later releases of 12.1-FIPS
  Citrix SD-WAN WANOP Edition 11.4.2 and later releases of 11.4
  Citrix SD-WAN WANOP Edition 10.2.9c and later releases of 10.2
• In addition, upon upgrading to a fixed version, Citrix recommends customers must modify the device configuration to resolve CVE-2021-22956.
  Details please refer to: https://support.citrix.com/article/CTX331588

Vulnerability Identifier

• CVE-2021-22955
• CVE-2021-22956

Source

• US-CERT
• Citrix

Related Link

• https://us-cert.cisa.gov/ncas/current-activity/2021/11/09/citrix-releases-security-updates
• https://support.citrix.com/article/CTX330728