Citrix Announces New Vulnerability in Citrix ADC & Citrix Gateway

by Daniel Ruiz
Practice Lead, Citrix Technologies

Citrix has announced a new vulnerability in Citrix ADC and Citrix Gateway that could allow an attacker to create a specially crafted URL that redirects to a malicious website.

This vulnerability has the following identifier:

 

 

Affected versions of Citrix ADC and Citrix Gateway:

The appliance must be configured as a VPN (Gateway) or AAA virtual server to be affected.

  • Citrix ADC and Citrix Gateway 13.1 before 13.1-24.38
  • Citrix ADC and Citrix Gateway 13.0 before 13.0-86.17
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-65.15
  • Citrix ADC 12.1-FIPS before 12.1-55.282
  • Citrix ADC 12.1-NDcPP before 12.1-55.282

Solution:

Citrix recommends that affected customers install the relevant updated versions of Citrix ADC or Citrix Gateway as soon as possible.

  • Citrix ADC and Citrix Gateway 13.1-24.38 and later releases
  • Citrix ADC and Citrix Gateway 13.0-86.17 and later releases of 13.0
  • Citrix ADC and Citrix Gateway 12.1-65.15 and later releases of 12.1
  • Citrix ADC 12.1-FIPS 12.1-55.282 and later releases of 12.1-FIPS
  • Citrix ADC 12.1-NDcPP 12.1-55.282 and later releases of 12.1-NDcPP
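The check below is an added example, not code from Citrix or Helient: it compares an appliance's build against the fixed builds listed above and tests a saved ns.conf for the VPN or AAA virtual server precondition. The function names, status strings, edition labels and sample configurations are assumptions made for illustration.

```python
import re

# Fixed builds per branch and edition, copied from the lists in this advisory.
FIXED = {
    ("13.1", "standard"): (24, 38),
    ("13.0", "standard"): (86, 17),
    ("12.1", "standard"): (65, 15),
    ("12.1", "fips"): (55, 282),
    ("12.1", "ndcpp"): (55, 282),
}

VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")  # e.g. 13.0-86.17
# ns.conf lines that define a Gateway (VPN) or AAA (authentication) virtual server.
VSERVER_RE = re.compile(r"^\s*add\s+(vpn|authentication)\s+vserver\s+", re.I | re.M)

# Constructed sample configurations (documentation IP addresses, made-up names).
GW_CONF = "add ns ip 192.0.2.10 255.255.255.0\nadd vpn vserver gw_vs SSL 192.0.2.20 443\n"
LB_CONF = "add ns ip 192.0.2.10 255.255.255.0\nadd lb vserver web_vs HTTP 192.0.2.30 80\n"

def needs_upgrade(version, edition="standard"):
    """True/False for a branch listed in the advisory, None if it is not listed."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError("expected a version like 13.0-86.17, got %r" % version)
    # Compare builds as integer pairs: as strings, '99' would sort after '282'.
    build = (int(m.group(2)), int(m.group(3)))
    fixed = FIXED.get((m.group(1), edition.lower()))
    return None if fixed is None else build < fixed

def has_gateway_or_aaa(ns_conf):
    """True if the configuration defines a VPN or AAA virtual server."""
    return VSERVER_RE.search(ns_conf) is not None

def assess(version, ns_conf, edition="standard"):
    """Combine the build check with the configuration precondition."""
    outdated = needs_upgrade(version, edition)
    if outdated is None:
        return "not-listed"
    if not outdated:
        return "fixed"
    return "affected" if has_gateway_or_aaa(ns_conf) else "outdated-not-configured"

if __name__ == "__main__":
    for ver, conf, ed in [("13.0-86.12", GW_CONF, "standard"),
                          ("12.1-55.99", GW_CONF, "fips"),
                          ("13.1-21.50", LB_CONF, "standard")]:
        print(ver, ed, assess(ver, conf, ed))
```

An appliance reported as "outdated-not-configured" still runs a build older than the fixed release and becomes affected as soon as a Gateway or AAA virtual server is added.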

If you would like more information or assistance from our industry-leading team of Citrix experts to plan and execute the upgrade, please contact us at service@helient.com.