Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products

2020-07-08 00:43

Citrix yesterday issued new security patches for as many as 11 security flaws that affect its Citrix Application Delivery Controller, Gateway, and SD-WAN WAN Optimization edition networking products.

Successful exploitation of these critical flaws could let unauthenticated attackers perform code injection, information disclosure, and even denial-of-service attacks against the gateway or the authentication virtual servers.

"Of the 11 vulnerabilities, there are six possible attacks routes; five of those have barriers to exploitation," Citrix's CISO Fermin Serna said.

Although Citrix has refrained from publishing technical details of the vulnerabilities citing malicious actors' efforts to leverage the patches and the information to reverse engineer exploits, attacks on the management interface of the products could result in system compromise by an unauthenticated user, or through Cross-Site Scripting on the management interface.

It's recommended that download and apply the latest builds for Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP appliances as soon as possible to mitigate risk and defend against potential attacks designed to exploit these flaws.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/x1r37IX_gzI/citrix-software-security-update.html

#citrix #critical

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Citrix		66	2	64	101	46	213