Description of Problem
Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in the following security issues:
CVE-ID | Description | CWE | Affected Products | Pre-conditions |
CVE-2020-8299 | Network-based denial-of-service from within the same Layer 2 network segment | CWE-400: Uncontrolled Resource Consumption | Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP | The attacker machine must be in the same Layer 2 network segment as the vulnerable appliance |
The following supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP are affected by CVE-2020-8299:
- Citrix ADC and Citrix Gateway 13.0 before 13.0-76.29
- Citrix ADC and Citrix Gateway 12.1 before 12.1-61.18
- Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.20
- Citrix ADC 12.1-FIPS before 12.1-55.238
- Citrix SD-WAN WANOP 11.4 before 11.4.0
- Citrix SD-WAN WANOP 11.3 before 11.3.2
- Citrix SD-WAN WANOP 11.3 before 11.3.1a
- Citrix SD-WAN WANOP 11.2 before 11.2.3a
- Citrix SD-WAN WANOP 11.1 before 11.1.2c
- Citrix SD-WAN WANOP 10.2 before 10.2.9a
What Customers Should Do
The following supported versions of Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP address CVE-2020-8299, a Medium severity vulnerability.
- Citrix ADC and Citrix Gateway 13.0-76.29 and later releases of 13.0
- Citrix ADC and Citrix Gateway 12.1-61.18 and later releases of 12.1
- Citrix ADC and NetScaler Gateway 11.1-65.20 and later releases of 11.1
- Citrix ADC 12.1-FIPS 12.1-55.238 and later releases of 12.1-FIPS
- Citrix SD-WAN WANOP 11.4.0 and later releases of 11.4
- Citrix SD-WAN WANOP 11.3.2 and later releases of 11.3
- Citrix SD-WAN WANOP 11.3.1a and later releases of 11.3
- Citrix SD-WAN WANOP 11.2.3a and later releases of 11.2
- Citrix SD-WAN WANOP 11.1.2c and later releases of 11.1
- Citrix SD-WAN WANOP 10.2.9a and later releases of 10.2
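One way to triage an appliance inventory against the Citrix ADC and Citrix Gateway fixed builds listed above. This is an added example, not Citrix code. The host names, the sample inventory and the `fips` flag are constructed for illustration, release strings are assumed to be in the bulletin's `13.0-76.29` form, and SD-WAN WANOP versions are not handled.

```python
import re

# Fixed builds for CVE-2020-8299 as listed in this bulletin (ADC / Gateway only),
# keyed by (release train, is this a 12.1-FIPS appliance?).
FIXED = {
    ("13.0", False): (76, 29),
    ("12.1", False): (61, 18),
    ("11.1", False): (65, 20),
    ("12.1", True): (55, 238),
}

RELEASE_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")

def parse_release(release):
    """Split '13.0-76.29' into ('13.0', (76, 29)); the build parts become integers."""
    m = RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {release!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def status(release, fips=False):
    """Return 'fixed', 'affected', or 'unlisted' for trains the bulletin does not name."""
    train, build = parse_release(release)
    fixed = FIXED.get((train, fips))
    if fixed is None:
        return "unlisted"  # not covered by the bulletin's lists; needs manual review
    # Compare numerically: as strings, '76.3' would sort after '76.29'.
    return "fixed" if build >= fixed else "affected"

def triage(inventory):
    """Map each host to its status; unparseable release strings are flagged."""
    results = {}
    for host, release, fips in inventory:
        try:
            results[host] = status(release, fips)
        except ValueError:
            results[host] = "unparsed"
    return results

# Constructed sample inventory: (host, release, is_fips)
INVENTORY = [
    ("adc-edge-01", "13.0-76.3", False),
    ("adc-edge-02", "13.0-79.64", False),
    ("adc-fips-01", "12.1-55.238", True),
    ("gw-legacy-01", "10.5-70.12", False),
]

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host}: {result}")
```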