Helient Blog

Helient Systems : Citrix ADC (NetScaler) New Security Vulnerabilities

Written by Daniel Ruiz | Jul 19, 2021 10:25:37 AM

by Daniel Ruiz
Senior Solutions Architect

Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO.

Citrix strongly recommends that affected customers install the relevant updates as soon as possible. If exploited, these vulnerabilities could result in the following security issues.

Vulnerabilities:

  • CVE-2021-22919 – Unauthenticated requests leading to limited disk space consumption on the appliance
  • CVE-2021-22920 – SAML authentication hijack through a phishing attack to steal a valid user session
  • CVE-2021-22927 – Session fixation by an authorized user on SAML SP

Affected by CVE-2021-22919:

  • Citrix ADC and Citrix Gateway 13.0 before 13.0-82.45
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-62.27
  • Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.22
  • Citrix ADC 12.1-FIPS before 12.1-55.247
  • Citrix SD-WAN WANOP Edition 11.4 before 11.4.0.a
  • Citrix SD-WAN WANOP Edition 11.3 before 11.3.2.a
  • Citrix SD-WAN WANOP Edition 11.2 before 11.2.3.b
  • Citrix SD-WAN WANOP Edition 10.2 before 10.2.9.b

Affected by CVE-2021-22920:

  • Citrix ADC and Citrix Gateway 13.0-82.42
  • Citrix ADC and Citrix Gateway 12.1-62.25

Affected by CVE-2021-22927:

  • Citrix ADC and Citrix Gateway 13.0 before 13.0-82.45
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-62.27
  • Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.22
  • Citrix ADC 12.1-FIPS before 12.1-55.247

Fix to address CVE-2021-22919:

Upgrade firmware to the following versions:

  • Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0
  • Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1
  • Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1
  • Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS
  • Citrix SD-WAN WANOP Edition 11.4.0a and later releases of 11.4
  • Citrix SD-WAN WANOP Edition 11.3.2a and later releases of 11.3
  • Citrix SD-WAN WANOP Edition 11.2.3b and later releases of 11.2
  • Citrix SD-WAN WANOP Edition 10.2.9b and later releases of 10.2

Fix to address CVE-2021-22920:

Upgrade firmware to the following versions:

  • Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0
  • Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1

Fix to address CVE-2021-22927:

Upgrade firmware to the following versions:

  • Citrix ADC and Citrix Gateway 13.0-82.45 and later releases of 13.0
  • Citrix ADC and Citrix Gateway 12.1-62.27 and later releases of 12.1
  • Citrix ADC and NetScaler Gateway 11.1-65.22 and later releases of 11.1
  • Citrix ADC 12.1-FIPS 12.1-55.247 and later releases of 12.1-FIPS
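To turn the lists above into something an administrator can run against an inventory, here is an added example (not from the Helient post or from Citrix) that parses Citrix ADC/Gateway build strings such as "13.0-82.45" and reports which of the three CVEs a given build is still exposed to. It assumes the "major.minor-build.patch" build format shown on this page; SD-WAN WANOP versions use a different scheme and are not covered.

```python
from typing import Dict, List, Tuple

# Fixed builds for the "X before Y" advisories, keyed by branch. 12.1-FIPS is
# its own branch so it is never compared against the non-FIPS 12.1 build line.
FIXED_BUILDS: Dict[str, Dict[str, str]] = {
    "CVE-2021-22919": {"13.0": "13.0-82.45", "12.1": "12.1-62.27",
                       "11.1": "11.1-65.22", "12.1-FIPS": "12.1-55.247"},
    "CVE-2021-22927": {"13.0": "13.0-82.45", "12.1": "12.1-62.27",
                       "11.1": "11.1-65.22", "12.1-FIPS": "12.1-55.247"},
}
# CVE-2021-22920 was present in exactly two builds, not in a "before" range.
EXACT_BUILDS: Dict[str, set] = {"CVE-2021-22920": {"13.0-82.42", "12.1-62.25"}}


def parse_build(build: str) -> Tuple[int, ...]:
    """'13.0-82.45' -> (13, 0, 82, 45) so builds compare as tuples."""
    branch, patch = build.split("-", 1)
    return tuple(int(p) for p in branch.split(".")) + tuple(int(p) for p in patch.split("."))


def affected_cves(build: str, fips: bool = False) -> List[str]:
    """Return the CVEs from this advisory that still affect `build`.

    `fips` selects the 12.1-FIPS build line. A branch not listed in the
    advisory (for example 13.1) yields no hits, which means "not covered
    here", not "known safe".
    """
    branch = build.split("-", 1)[0] + ("-FIPS" if fips else "")
    current = parse_build(build)
    hits = []
    for cve, fixed_by_branch in FIXED_BUILDS.items():
        fixed = fixed_by_branch.get(branch)
        if fixed is not None and current < parse_build(fixed):
            hits.append(cve)
    for cve, builds in EXACT_BUILDS.items():
        if not fips and build in builds:
            hits.append(cve)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample inventory, not real appliance data.
    for appliance, fips in (("13.0-82.42", False), ("13.0-82.45", False),
                            ("12.1-55.240", True), ("11.1-65.20", False)):
        print(appliance, "FIPS" if fips else "", affected_cves(appliance, fips))
```

Run it against the build strings from `show ns version` on each appliance (or from your inventory export) to see which units still need the upgrade.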

If you would like more information or assistance from our industry-leading team of Citrix experts to plan and execute the upgrade, please contact us at service@helient.com.