Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508
The following vulnerabilities have recently been discovered and announced by Citrix.
| CVE-2022-27507 | Authenticated denial of service | CWE-400: Uncontrolled Resource Consumption | VPN (Gateway) virtual server with DTLS, and either ‘HDX Insight for EDT traffic’ or ‘SmartControl’ is configured |
| CVE-2022-27508 | Unauthenticated denial of service | CWE-400: Uncontrolled Resource Consumption | Appliance must be configured as a VPN (Gateway) or AAA virtual server |
Details on the conditions under which the above vulnerabilities are triggered can be found at https://support.citrix.com/article/CTX457048.
Citrix recommends that affected customers install the relevant updated versions of Citrix ADC or Citrix Gateway as soon as possible.
- Citrix ADC and Citrix Gateway 13.1-21.50 and later releases
- Citrix ADC and Citrix Gateway 13.0-85.19 and later releases of 13.0
- Citrix ADC and Citrix Gateway 12.1-64.17 and later releases of 12.1
- Citrix ADC 12.1-FIPS 12.1-55.278 and later releases of 12.1-FIPS
- Citrix ADC 12.1-NDcPP 12.1-55.278 and later releases of 12.1-NDcPP
