In October Citrix released fixed versions for many NetScaler (ADC) releases. Since the vulnerability is critical, I wanted to mention it on my blog.
A vulnerability has been identified in the management interface of Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, that, if exploited, could allow an attacker with access to the management interface to gain administrative access to the appliance.
Citrix support: https://support.citrix.com/article/CTX261055
This vulnerability has been assigned the following CVE number:
- CVE-2019-18225: Authentication Bypass Vulnerability in the Management Interface of Citrix Application Delivery Controller and Citrix Gateway
This vulnerability affects the following product versions:
- Citrix ADC and Citrix Gateway version 13.0 earlier than and including build 41.20
- Citrix ADC and NetScaler Gateway version 12.1 earlier than and including build 54.13
- Citrix ADC and NetScaler Gateway version 12.0 earlier than and including build 62.8
- Citrix ADC and NetScaler Gateway version 11.1 earlier than and including build 62.8
- Citrix ADC and NetScaler Gateway version 10.5 earlier than and including build 70.5
Citrix strongly recommends that customers impacted by this vulnerability upgrade to a version of the Citrix ADC or Citrix Gateway that contains a fix for this issue as soon as possible.
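As an added example (not from the Citrix advisory or this post), here is a small Python check that parses the version line from an appliance's `show version` output and compares the build against the affected builds listed above. The exact `show version` line format and the sample lines are assumptions; the build cut-offs are taken from the advisory text.

```python
import re
from typing import Optional, Tuple

# Last affected build per release branch, from the advisory text (CTX261055 /
# CVE-2019-18225). Builds are stored as int tuples so that, e.g., 62.10 sorts
# above 62.8 (a plain string comparison would get this wrong).
LAST_AFFECTED_BUILD = {
    "13.0": (41, 20),
    "12.1": (54, 13),
    "12.0": (62, 8),
    "11.1": (62, 8),
    "10.5": (70, 5),
}

# Assumed format of the version line printed by `show version` on the
# appliance, e.g. "NetScaler NS12.1: Build 54.13.nc, Date: ...".
VERSION_RE = re.compile(r"NS(\d+\.\d+): Build (\d+)\.(\d+)")


def parse_version(show_version_output: str) -> Optional[Tuple[str, Tuple[int, int]]]:
    """Return (branch, (major_build, minor_build)), or None if unrecognised."""
    m = VERSION_RE.search(show_version_output)
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def is_affected(show_version_output: str) -> Optional[bool]:
    """True if the build is at or below the last affected build for its branch,
    False if it is newer or the branch is not listed, None if unparseable."""
    parsed = parse_version(show_version_output)
    if parsed is None:
        return None
    branch, build = parsed
    last_bad = LAST_AFFECTED_BUILD.get(branch)
    if last_bad is None:
        return False  # branch not in the advisory's affected list
    return build <= last_bad


if __name__ == "__main__":
    # Constructed sample lines in the assumed `show version` format.
    samples = [
        "NetScaler NS13.0: Build 41.20.nc, Date: Jul 31 2019, 15:38:19   (64-bit)",
        "NetScaler NS12.1: Build 55.13.nc, Date: Nov 01 2019, 10:00:00   (64-bit)",
        "NetScaler NS12.0: Build 62.10.nc, Date: Nov 01 2019, 10:00:00   (64-bit)",
    ]
    for line in samples:
        print(f"{line[:35]:<35} affected={is_affected(line)}")
```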