security and privacy

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508

The following vulnerabilities have recently been discovered and announced by Citrix.

CVE-2022-27507 Authenticated denial of service CWE-400: Uncontrolled Resource Consumption    VPN (Gateway) virtual server with   DTLS, and  either ‘HDX Insight for EDT traffic’ or ‘SmartControl’ is configured 
CVE-2022-27508 Unauthenticated denial of service CWE-400: Uncontrolled Resource Consumption    Appliance must be configured as a VPN (Gateway) or AAA virtual server 

Details on the conditions under which the above vulnerabilities are triggered can be found at https://support.citrix.com/article/CTX457048.

Citrix recommends that affected customers install the relevant updated versions of Citrix ADC or Citrix Gateway as soon as possible.

  • Citrix ADC and Citrix Gateway 13.1-21.50 and later releases 
  • Citrix ADC and Citrix Gateway 13.0-85.19 and later releases of 13.0  
  • Citrix ADC and Citrix Gateway 12.1-64.17 and later releases of 12.1  
  • Citrix ADC 12.1-FIPS 12.1-55.278 and later releases of 12.1-FIPS  
  • Citrix ADC 12.1-NDcPP 12.1-55.278 and later releases of 12.1-NDcPP 

Source

https://support.citrix.com/article/CTX457048

About The Author