Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Citrix Subscribe
Filtered by product Application Delivery Controller Firmware
Total 30 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19781 1 Citrix 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more 2023-01-20 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
CVE-2019-18177 1 Citrix 3 Application Delivery Controller, Application Delivery Controller Firmware, Gateway 2023-01-05 N/A 6.5 MEDIUM
In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.
CVE-2022-27518 1 Citrix 4 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 1 more 2022-12-14 N/A 9.8 CRITICAL
Unauthenticated remote arbitrary code execution
CVE-2022-27513 1 Citrix 3 Application Delivery Controller, Application Delivery Controller Firmware, Gateway 2022-11-09 N/A 9.6 CRITICAL
Remote desktop takeover via phishing
CVE-2022-27510 1 Citrix 3 Application Delivery Controller, Application Delivery Controller Firmware, Gateway 2022-11-09 N/A 9.8 CRITICAL
Unauthorized access to Gateway user capabilities
CVE-2022-27516 1 Citrix 3 Application Delivery Controller, Application Delivery Controller Firmware, Gateway 2022-11-09 N/A 9.8 CRITICAL
User login brute force protection functionality bypass
CVE-2020-8193 1 Citrix 11 4000-wo, 4100-wo, 5000-wo and 8 more 2022-09-20 5.0 MEDIUM 6.5 MEDIUM
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
CVE-2020-8300 1 Citrix 16 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 13 more 2022-09-20 4.3 MEDIUM 6.5 MEDIUM
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
CVE-2020-8196 1 Citrix 11 4000-wo, 4100-wo, 5000-wo and 8 more 2022-09-20 4.0 MEDIUM 4.3 MEDIUM
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
CVE-2020-8195 1 Citrix 12 4000-wo, 4100-wo, 5000-wo and 9 more 2022-09-20 4.0 MEDIUM 6.5 MEDIUM
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
CVE-2022-27509 1 Citrix 3 Application Delivery Controller, Application Delivery Controller Firmware, Gateway 2022-08-05 N/A 6.1 MEDIUM
Unauthenticated redirection to a malicious website
CVE-2021-22955 1 Citrix 3 Application Delivery Controller, Application Delivery Controller Firmware, Gateway 2021-12-08 4.3 MEDIUM 7.5 HIGH
A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
CVE-2021-22956 1 Citrix 4 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 1 more 2021-12-08 4.3 MEDIUM 7.5 HIGH
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
CVE-2021-22927 1 Citrix 16 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 13 more 2021-08-16 5.8 MEDIUM 8.1 HIGH
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.
CVE-2021-22919 1 Citrix 21 4000-wo, 4100-wo, 5000-wo and 18 more 2021-08-16 5.0 MEDIUM 7.5 HIGH
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.
CVE-2020-8197 1 Citrix 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more 2021-07-21 6.5 MEDIUM 8.8 HIGH
Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.
CVE-2020-8299 1 Citrix 17 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 14 more 2021-06-24 3.3 LOW 6.5 MEDIUM
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.
CVE-2020-8245 1 Citrix 4 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 1 more 2020-10-07 4.3 MEDIUM 6.1 MEDIUM
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.
CVE-2020-8247 1 Citrix 5 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 2 more 2020-10-07 6.5 MEDIUM 8.8 HIGH
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.
CVE-2020-8246 1 Citrix 5 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 2 more 2020-10-07 5.0 MEDIUM 7.5 HIGH
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.