Vulnerabilities > CVE-2019-18225 - Unspecified vulnerability in Citrix products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

citrix

critical

NVD

Published: 2019-10-21

Updated: 2020-08-24

Summary

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.

Vulnerable Configurations

Part	Description	Count
OS	Citrix Citrix Application Delivery Controller Firmware 10.5 Citrix Application Delivery Controller Firmware 11.1 Citrix Application Delivery Controller Firmware 12.0 Citrix Application Delivery Controller Firmware 12.1 Citrix Application Delivery Controller Firmware 13.0 Citrix Netscaler Gateway Firmware 10.5 Citrix Netscaler Gateway Firmware 11.1 Citrix Netscaler Gateway Firmware 12.0 Citrix Netscaler Gateway Firmware 12.1 Citrix Gateway Firmware 13.0	10
Hardware	Citrix Citrix Application Delivery Controller - Citrix Netscaler Gateway - Citrix Gateway -	3

References

https://support.citrix.com/article/CTX261055