Denial of Service Vulnerability in Citrix ADC VPN and AAA Configuration
CVE-2021-22955

7.5HIGH

Key Information:

Vendor: Citrix
Status: Citrix Adc, Citrix Gateway
Vendor: CVE Published:; 7 December 2021

What is CVE-2021-22955?

An unauthenticated denial of service vulnerability in Citrix ADC can create significant disruptions when the product is configured as a VPN or AAA virtual server. Attackers can exploit this flaw to temporarily incapacitate key management interfaces, including the Management GUI and Nitro API, leading to an interruption in RPC communication. This can potentially hamper the usability and accessibility of the services provided by Citrix ADC, making it crucial for organizations to address this vulnerability promptly.

Affected Version(s)

Citrix ADC, Citrix Gateway Citrix ADC 111.1, 2.1, 13.0,13.1

References

https://support.citrix.com/article/CTX330728

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2021
Vulnerability Reserved
Jan 6, 2021