Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508
The following vulnerabilities have recently been discovered and announced by Citrix.
|CVE ID|Description|CWE|Pre-conditions|
|---|---|---|---|
|CVE-2022-27507|Authenticated denial of service|CWE-400: Uncontrolled Resource Consumption|VPN (Gateway) virtual server with DTLS, and either ‘HDX Insight for EDT traffic’ or ‘SmartControl’ is configured|
|CVE-2022-27508|Unauthenticated denial of service|CWE-400: Uncontrolled Resource Consumption|Appliance must be configured as a VPN (Gateway) or AAA virtual server|
Details on the conditions under which the above vulnerabilities are triggered can be found at https://support.citrix.com/article/CTX457048.
Citrix recommends that affected customers install the relevant updated versions of Citrix ADC or Citrix Gateway as soon as possible:
- Citrix ADC and Citrix Gateway 13.1-21.50 and later releases
- Citrix ADC and Citrix Gateway 13.0-85.19 and later releases of 13.0
- Citrix ADC and Citrix Gateway 12.1-64.17 and later releases of 12.1
- Citrix ADC 12.1-FIPS 12.1-55.278 and later releases of 12.1-FIPS
- Citrix ADC 12.1-NDcPP 12.1-55.278 and later releases of 12.1-NDcPP
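
To check an inventory against the fixed builds listed above, the following added example (not part of the Citrix bulletin) compares a version banner with the minimum build for its release and edition. The banner shape `NS13.0: Build 85.19.nc`, the `edition` labels and the function names are assumptions made for this example.

```python
import re

# Minimum fixed builds from the bulletin's list, keyed by (release, edition).
FIXED = {
    ("13.1", "standard"): (21, 50),
    ("13.0", "standard"): (85, 19),
    ("12.1", "standard"): (64, 17),
    ("12.1", "fips"): (55, 278),
    ("12.1", "ndcpp"): (55, 278),
}

# Assumed banner shape, e.g. "NetScaler NS13.0: Build 85.19.nc, Date: ..."
VERSION_RE = re.compile(r"NS(\d+)\.(\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_version(banner):
    """Return ((major, minor), (build, patch)) as integer tuples."""
    m = VERSION_RE.search(banner)
    if m is None:
        raise ValueError(f"unrecognised version banner: {banner!r}")
    major, minor, build, patch = (int(g) for g in m.groups())
    return (major, minor), (build, patch)


def assess(banner, edition="standard"):
    """Classify a banner as 'fixed', 'update-required' or 'not-listed'."""
    release, build = parse_version(banner)
    # "13.1-21.50 and later releases" also covers release trains after 13.1.
    if edition == "standard" and release > (13, 1):
        return "fixed"
    minimum = FIXED.get((f"{release[0]}.{release[1]}", edition))
    if minimum is None:
        return "not-listed"  # train or edition the bulletin does not mention
    # Integer tuples, so 85.2 sorts below 85.19 (a string or float compare would not).
    return "fixed" if build >= minimum else "update-required"


if __name__ == "__main__":
    # Constructed sample inventory: (banner, edition)
    samples = [
        ("NetScaler NS13.0: Build 85.2.nc", "standard"),
        ("NetScaler NS12.1: Build 55.278.nc", "fips"),
        ("NetScaler NS12.1: Build 55.278.nc", "standard"),
    ]
    for banner, edition in samples:
        print(f"{banner} [{edition}] -> {assess(banner, edition)}")
```

The edition has to be supplied separately because the same 12.1 build number is fixed on the FIPS and NDcPP trains but still below the minimum for standard 12.1.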