Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508

security and privacy

The following vulnerabilities have recently been discovered and announced by Citrix.

CVE-2022-27507: Authenticated denial of service. CWE-400: Uncontrolled Resource Consumption. VPN (Gateway) virtual server with DTLS, and either ‘HDX Insight for EDT traffic’ or ‘SmartControl’ is configured.

CVE-2022-27508: Unauthenticated denial of service …

Windows DCOM hardening

security and privacy

Introduction

The Distributed Component Object Model (DCOM) Remote Protocol is a protocol for exposing application objects by way of remote procedure calls (RPCs). The protocol consists of a set of extensions layered on Microsoft Remote Procedure Call Protocol Extensions as specified in [MS-RPCE]. The DCOM Remote Protocol is also referred to as Object RPC or …

Citrix ADC security vulnerabilities

security and privacy

Description

A new security vulnerability with ID CVE-2021-22955 (Unauthenticated denial of service) has been discovered in Citrix ADC, which affects the following Citrix products and firmware versions:

Citrix ADC and Citrix Gateway 13.0 before 13.0-83.27
Citrix ADC and Citrix Gateway 12.1 before 12.1-63.22
Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.23
Citrix ADC 12.1-FIPS before 12.1-55.257

Also a new security vulnerability with …

Citrix announced VAD security vulnerabilities

Citrix Virtual Apps and Desktops Deployment and Adoption Resource Center

Case

Citrix announced on November 10th 2020 the following vulnerabilities.

CVE ID: CVE-2020-8269
Description: An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM
Vulnerability Type: CWE-269: Improper Privilege Management
Pre-conditions: The attacker must be an authenticated user on the Windows VDA with write access to the C:\ directory

CVE ID: CVE-2020-8270
Description: An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM
Vulnerability Type: CWE-78: Improper Neutralization of Special …

Citrix Security Vulnerability CVE-2019-19781

CVE Citrix

The Cybersecurity and Infrastructure Security Agency (CISA) has released a utility that enables users and administrators to test whether their Citrix Application Delivery Controller (ADC) and Citrix Gateway software is susceptible to the CVE-2019-19781 vulnerability. According to Citrix Security Bulletin CTX267027, beginning on January 20, 2020, Citrix will be releasing new versions of Citrix ADC and Citrix Gateway …