Uncontrolled Resource Consumption in Citrix ADC by Citrix
CVE-2021-22956

7.5HIGH

Key Information:

Vendor: Citrix
Status: Citrix Adc, Citrix Gateway, Citrix Sdwan
Vendor: CVE Published:; 7 December 2021

What is CVE-2021-22956?

A vulnerability exists in Citrix ADC which allows an attacker to exploit the Management GUI, Nitro API, and RPC communication. If an attacker gains access to the management interface via the NSIP or SNIP, it can result in temporary disruption of services, impacting the overall functionality and management of the ADC. This vulnerability highlights the importance of secure access controls and monitoring for potential threats in network management systems.

Affected Version(s)

Citrix ADC, Citrix Gateway, Citrix SDWAN Citrix ADC 11.1,12.1,13.0,13.1

References

https://support.citrix.com/article/CTX330728

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2021
Vulnerability Reserved
Jan 6, 2021