Citrix this week released patches for a couple of vulnerabilities affecting Citrix ADC, Gateway, and SD-WAN, including a critical bug leading to denial of service (DoS).
The most severe of the two bugs is CVE-2021-22955, a critical security hole that could lead to a DoS condition on appliances that have been configured as a VPN (Gateway) or AAA virtual server.
The security flaw was identified in Citrix Application Delivery Controller (ADC, formerly NetScaler ADC), and Gateway (formerly NetScaler Gateway).
Tracked as CVE-2021-22956, the second flaw could lead to the temporary disruption of the Management GUI, Nitro API, and RPC communication.
Considered low severity, the bug affects ADC and Gateway, as well as SD-WAN WANOP edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO, Citrix explains in an advisory.
Citrix addressed both vulnerabilities in ADC and Gateway 13.1-4.43 and later releases of 13.1, 13.0-83.27 and later releases of 13.0, 12.1-63.22 and later releases of 12.1, and 11.1-65.23 and later releases of 11.1, and in ADC 12.1-FIPS 12.1-55.257 and later releases of 12.1-FIPS.
CVE-2021-22956, Citrix says, was addressed in SD-WAN WANOP Edition 11.4.2 and later releases of 11.4, and 10.2.9c and later releases of 10.2.
“Please note that the WANOP feature of SD-WAN Premium Edition is not impacted,” Citrix notes.
Affected Citrix customers are encouraged to install the available patches as soon as possible.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged users and administrators to review Citrix’s advisory and apply the necessary updates.
Related: Citrix Patches Hypervisor Vulnerabilities Allowing Host Compromise
Related: Citrix Patches DoS Vulnerabilities in Hypervisor
Related: Citrix Releases Updates to Prevent DDoS Attacks Abusing Its Appliances

More from Ionut Arghire
- Malicious NPM, PyPI Packages Stealing User Information
- Boxx Insurance Raises $14.4 Million in Series B Funding
- Prilex PoS Malware Blocks NFC Transactions to Steal Credit Card Data
- 30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability
- Guardz Emerges From Stealth Mode With $10 Million in Funding
- Critical QNAP Vulnerability Leads to Code Injection
- GitHub Revokes Code Signing Certificates Following Cyberattack
- Vulnerabilities in OpenEMR Healthcare Software Expose Patient Data
Latest News
- Malicious NPM, PyPI Packages Stealing User Information
- VMware Confirms Exploit Code Released for Critical vRealize Logging Vulnerabilities
- 98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis
- Dutch, European Hospitals ‘Hit by Pro-Russian Hackers’
- Gem Security Gets $11 Million Seed Investment for Cloud Incident Response Platform
- Ransomware Leads to Nantucket Public Schools Shutdown
- Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing
- Boxx Insurance Raises $14.4 Million in Series B Funding
