Tech

Security updates: Attackers could attack networks with Citrix products

Admins who maintain Citrix network products should install the latest security patches. If this does not happen, attackers could, for example, hijack valid sessions.

Application delivery controllers (ADC), gateway and SD-WAN WANOP are specifically affected. With these products you can, for example, access desktop applications remotely or accelerate applications in the network environment.

Overall, the developers have closed two security holes. If attackers exploit a vulnerability (CVE2021-8299, “medium“) are successful, they could lead to a Denial-of-Service-State (DoS). This could paralyze a network under certain circumstances. Attackers need this to work according to a warning from Citrix however, Layer 2 network access.

The other loophole (CVE-2021-8300) is with “highAttackers could exploit them to gain access to valid sessions. It is not yet known how attacks could take place.

The network supplier ensures that the gateway service and Citrix Secure Workspace Access cloud offerings are already secured by the Citrix managed service. The following expenses are protected against the attacks described:

  • Citrix ADC and Citrix Gateway 13.0-76.29
  • Citrix ADC and Citrix Gateway 12.1-61.18
  • Citrix ADC and NetScaler Gateway 11.1-65.20
  • Citrix ADC 12.1-FIPS 12.1-55.238
  • Citrix SD-WAN WANOP 11.4.0
  • Citrix SD-WAN WANOP 11.3.2
  • Citrix SD-WAN WANOP 11.3.1a
  • Citrix SD-WAN WANOP 11.2.3a
  • Citrix SD-WAN WANOP 11.1.2c
  • Citrix SD-WAN WANOP 10.2.9a
  • Citrix ADC and Citrix Gateway 13.0-82.41
  • Citrix ADC and NetScaler Gateway ADC 12.1-62.23
  • Citrix ADC and NetScaler Gateway 11.1-65.20
  • Citrix ADC 12.1-FIPS 12.1-55.238


(of)

To home page

.