Security News > 2020 > January > Citrix emits patches to stop RCE-holes fiddling with Gateway and ADC

Citrix emits patches to stop RCE-holes fiddling with Gateway and ADC
2020-01-20 17:40

Citrix has rushed out official fixes for the well-publicised vuln in some of its server products after miscreants were seen deploying their own custom patches that left a backdoor open for later exploitation.

As previously reported, vulnerabilities in Citrix Application Delivery Encoder and Citrix Gateway could allow remote attackers to carry out unauthenticated code execution.

Some versions of Citrix Application Delivery Controller, formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, and "Certain deployments of two older versions of our Citrix SD-WAN WANOP product versions 10.2.6 and version 11.0.3" are affected by the vulns, according to Citrix.

The patches are said to be good for virtual instances of Citrix Gateway 11.1 and 12 as well as Citrix ADC 11.1 and 12.0.

Fresh patches for other Citrix ADC versions as well as SD-WAN WANOP are expected on 24 January, the company said in its statement.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/20/citrix_patches_vulns_gateway_adc/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 119 20 183 79 65 347