CVE-2021-22955

Published on: 12/07/2021 12:00:00 AM UTC

Last Modified on: 12/08/2021 07:43:00 PM UTC

CVE-2021-22955

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Certain versions of Application Delivery Controller from Citrix contain the following vulnerability:

A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.

CVE-2021-22955 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
NETWORK	LOW	NONE	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	NONE	NONE	HIGH

CVSS2 Score: 4.3 - MEDIUM

Access Vector^ⓘ	Access Complexity	Authentication
NETWORK	MEDIUM	NONE
Confidentiality Impact	Integrity Impact	Availability Impact
NONE	NONE	PARTIAL

CVE References

Description	Tags ^ⓘ	Link
Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update	support.citrix.com text/html	MISC support.citrix.com/article/CTX330728

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

376084 Citrix ADC and NetScaler Gateway Temporary disruption of the Management GUI Vulnerability (CTX330728)
376085 Citrix ADC and Citrix Gateway Unauthenticated Denial of Service (DoS) Vulnerability (CTX330728)

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Citrix	Application Delivery Controller	-	All	All	All
Operating System	Citrix	Application Delivery Controller Firmware	All	All	All	All
Operating System	Citrix	Application Delivery Controller Firmware	All	All	All	All
Application	Citrix	Gateway	All	All	All	All

cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*:
cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@cloudDNA	Heads up! New Citrix #ADC (#NetScaler) #CVE announced - CVE-2021-22955 and CVE-2021-22956. Critical for #VPN and… twitter.com/i/web/status/1…	2021-11-09 14:15:17
@Ryan_C_Butler	CVE-2021-22955 (support.citrix.com/article/CTX331…) Use grep to pull the MaxClients value (make sure to test!)… twitter.com/i/web/status/1…	2021-11-09 15:22:10
@Schnabelewobski	Seems Citrix.com has collapsed under the load of admins frantically trying to download the fixed firmware. #CVE-2021-22955	2021-11-09 17:00:13
@carlbehrent	Citrix ADC - Unauthenticated Denial of Service - CVE-2021-22955 support.citrix.com/article/CTX330…	2021-11-09 17:55:03
@IFTECHAG	Weiterer Hinweis zu #Citrix Sicherheitslücken CVE-2021-22955 bzw. 22956: Bei einzelnen Kunden gibt es nach dem Upgr… twitter.com/i/web/status/1…	2021-11-10 09:01:56
@DCIS_SUND	Varsel! ?KRITIKALITET: Høj risiko (Orange)? CVE-2021-22955 Der er blevet identificeret sårbarheder i Citrix ADC (… twitter.com/i/web/status/1…	2021-11-10 09:48:52
@autumn_good_35	CVE-2021-22955 、CVE-2021-22956 CTX330728 Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN… twitter.com/i/web/status/1…	2021-11-10 12:32:59
@SystemTek_UK	Citrix Patches Critical Vulnerability in ADC Gateway [CVE-2021-22955 and CVE-2021-22956] systemtek.co.uk/2021/11/citrix…	2021-11-11 08:55:04
@6townstechteam	Citrix Patches Critical Vulnerability in ADC Gateway [CVE-2021-22955 and CVE-2021-22956] systemtek.co.uk/2021/11/citrix…	2021-11-11 08:55:05
@securezoo	Citrix addresses Critical DoS vulnerability (CVE-2021-22955) in ADC and Citrix Gateway products… twitter.com/i/web/status/1…	2021-11-11 21:05:03
@StefanosCloud	Citrix ADC security vulnerabilities description A new security vulnerability with ID CVE-2021-22955 (Unauthenticat… twitter.com/i/web/status/1…	2021-11-15 14:35:50
@jantytgat	#BugAlert for #CitrixADC 12.1 63.23 (latest build addressing CVE-2021-22955): if you have a #syslog action based on… twitter.com/i/web/status/1…	2021-11-30 21:22:42
@ipssignatures	The vuln CVE-2021-22955 has a tweet created 0 days ago and retweeted 11 times. twitter.com/jantytgat/stat… #pow1rtrtwwcve	2021-12-01 12:06:00
@CVEreport	CVE-2021-22955 : A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 an… twitter.com/i/web/status/1…	2021-12-07 14:08:33
/r/netcve	CVE-2021-22955	2021-12-07 15:38:54