Citrix Gateway Plug-in for Windows Security Update

Vulnerabilities have been identified in Citrix Gateway Plug-in for Windows that, if exploited, could result in a local user escalating their privilege level to SYSTEM.

The vulnerabilities have the following identifiers:

  • CVE-2020-8257
  • CVE-2020-8258

These vulnerabilities affect the following supported versions of Citrix Gateway Plug-in for Windows:

Customers with Citrix ADC or Citrix Gateway:

  • Citrix Gateway Plug-in 13.0 for Windows before 64.35
  • Citrix Gateway Plug-in 12.1 for Windows before 59.16

These vulnerabilities do not affect Citrix Gateway Plug-in on other platforms.

Citrix Gateway Plug-in for Windows 11.1 is not affected by these vulnerabilities. Other versions are now End-of-Life and no longer supported.

The following supported versions of Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway) include an impacted version of Citrix Gateway Plug-in in order to distribute it to users when they connect to Citrix Gateway:

  • Citrix ADC and Citrix Gateway 13.0 before 64.35
  • NetScaler ADC and NetScaler Gateway 12.1 before 59.16
  • Citrix ADC 12.1-FIPS before 55.190

The issues have been addressed in the following versions of Citrix Gateway Plug-in for Windows:

Customers with Citrix ADC or Citrix Gateway:

  • Citrix Gateway Plug-in 13.0 for Windows 64.35 and later versions
  • Citrix Gateway Plug-in 12.1 for Windows 59.16 and later versions
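
The version boundaries above can be applied to a software inventory with a numeric comparison. The following is an added example, not code from Citrix. It assumes plug-in versions are reported as four dot-separated numbers such as "13.0.64.35" (a hyphen after the branch is also accepted); the function names, status labels and sample inventory are constructed for illustration.

```python
import re

# Fixed builds per affected branch, taken from the advisory text.
FIXED_BUILD = {(13, 0): (64, 35), (12, 1): (59, 16)}
# Branch the advisory states is not affected.
NOT_AFFECTED_BRANCHES = {(11, 1)}

# Assumed format: <major>.<minor>.<build>.<patch> or <major>.<minor>-<build>.<patch>
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)[.\-](\d+)\.(\d+)\s*$")


def classify_plugin_version(version):
    """Return 'affected', 'fixed', 'not-affected', 'not-listed' or 'unparseable'."""
    m = _VERSION_RE.match(version)
    if not m:
        return "unparseable"
    major, minor, build, patch = (int(g) for g in m.groups())
    branch = (major, minor)
    if branch in NOT_AFFECTED_BRANCHES:
        return "not-affected"
    fixed = FIXED_BUILD.get(branch)
    if fixed is None:
        # Branch is outside the advisory's lists (described there as End-of-Life).
        return "not-listed"
    # Compare as integers: as strings "59.9" sorts after "59.16", but build 59.9 is older.
    return "fixed" if (build, patch) >= fixed else "affected"


def triage(inventory):
    """Group (hostname, version) pairs by status; hostnames sorted per status."""
    report = {}
    for host, version in inventory:
        report.setdefault(classify_plugin_version(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = [
    ("ws-001", "13.0.64.35"),
    ("ws-002", "13.0.58.32"),
    ("ws-003", "12.1.59.9"),
    ("ws-004", "11.1.65.12"),
    ("ws-005", "10.5.70.5"),
    ("ws-006", "n/a"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "not-listed" or "unparseable" need manual review rather than being treated as safe.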

The latest versions of Citrix Gateway Plug-in for Windows are available from:

https://www.citrix.com/downloads/citrix-gateway/plug-ins/

The original Citrix article: https://support.citrix.com/article/CTX282684