Citrix Bugs Allow Unauthenticated Code Injection, Data Theft

In The Name OF Allah
Al-Salam Alekum

[Image: citrix.jpg]

Bugs again...

Quote:Admins should patch their Citrix ADC and Gateway installs immediately.

Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker.

The Citrix products  (formerly known as NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at least 80,000 companies in 158 countries, according to a December assessment from Positive Technologies.

Other flaws announced Tuesday also affect Citrix SD-WAN WANOP appliances, models 4000-WO, 4100-WO, 5000-WO and 5100-WO.

The Source
Wa Salam Alekum

* This article was originally published here