Security updates: Attackers could attack networks with Citrix products

Published by: MRT

Published on:

Security updates: Attackers could attack networks with Citrix products

Admins who maintain Citrix network products should install the latest security patches. If this does not happen, attackers could, for example, hijack valid sessions.

Application delivery controllers (ADC), gateway and SD-WAN WANOP are specifically affected. With these products you can, for example, remotely access desktop applications or accelerate applications in the network environment.

Overall, the developers have closed two security holes. If attackers exploit a vulnerability (CVE2021-8299, “medium“) successfully, they could cause a Denial-of-Service-State (DoS). That could paralyze a network under certain circumstances according to a warning from Citrix however, Layer 2 network access.

The other loophole (CVE-2021-8300) is with “highAttackers could exploit them to gain access to valid sessions. It is not yet known how attacks could take place.

The network supplier ensures that the gateway service and Citrix Secure Workspace Access cloud offerings are already secured by the Citrix managed service. The following expenses are protected against the attacks described:

  • Citrix ADC and Citrix Gateway 13.0-76.29
  • Citrix ADC and Citrix Gateway 12.1-61.18
  • Citrix ADC and NetScaler Gateway 11.1-65.20
  • Citrix ADC 12.1-FIPS 12.1-55.238
  • Citrix SD-WAN WANOP 11.4.0
  • Citrix SD-WAN WANOP 11.3.2
  • Citrix SD-WAN WANOP 11.3.1a
  • Citrix SD-WAN WANOP 11.2.3a
  • Citrix SD-WAN WANOP 11.1.2c
  • Citrix SD-WAN WANOP 10.2.9a
  • Citrix ADC and Citrix Gateway 13.0-82.41
  • Citrix ADC and NetScaler Gateway ADC 12.1-62.23
  • Citrix ADC and NetScaler Gateway 11.1-65.20
  • Citrix ADC 12.1-FIPS 12.1-55.238


(of)

Disclaimer: This article is generated from the feed and not edited by our team.