CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries
1,619
Ransomware Use
327
Overdue
1,615
Vendors
266
Products
655
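How the summary cards above are derived from the feed, as an added example that is not part of the catalog page: the script parses the CISA KEV JSON feed (field names follow the published feed schema: cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse), filters by vendor, and computes entries, ransomware use, overdue (due date earlier than today), distinct vendors and distinct products, then matches the result against a local asset inventory. The sample feed and its CVE IDs are constructed placeholders; KEV_FEED_URL is the feed's published location and is only contacted if you call fetch_feed().

```python
"""Reproduce the catalog summary cards from the CISA KEV JSON feed.

Added example, not code from the catalog page. It assumes the published
feed schema: a top-level "vulnerabilities" list whose records carry
cveID, vendorProject, product, vulnerabilityName, dateAdded, dueDate and
knownRansomwareCampaignUse ("Known" / "Unknown").
"""
import json
from datetime import date

KEV_FEED_URL = ("https://www.cisa.gov/sites/default/files/feeds/"
                "known_exploited_vulnerabilities.json")

# Constructed sample feed for offline use. The CVE IDs are placeholders,
# not real catalog entries; product names mirror the page's Citrix rows.
SAMPLE_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "count": 4,
    "vulnerabilities": [
        {"cveID": "CVE-2099-0001", "vendorProject": "Citrix",
         "product": "NetScaler ADC and NetScaler Gateway",
         "vulnerabilityName": "Buffer Overflow Vulnerability",
         "dateAdded": "2024-06-01", "dueDate": "2024-06-22",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2099-0002", "vendorProject": "Citrix",
         "product": "Session Recording",
         "vulnerabilityName": "Deserialization of Untrusted Data Vulnerability",
         "dateAdded": "2024-11-12", "dueDate": "2024-12-03",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2099-0003", "vendorProject": "Citrix",
         "product": "NetScaler ADC and NetScaler Gateway",
         "vulnerabilityName": "Code Injection Vulnerability",
         "dateAdded": "2024-12-20", "dueDate": "2025-01-10",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2099-0004", "vendorProject": "ExampleCorp",
         "product": "Gadget",
         "vulnerabilityName": "Authentication Bypass Vulnerability",
         "dateAdded": "2024-01-01", "dueDate": "2024-01-22",
         "knownRansomwareCampaignUse": "Known"},
    ],
})


def _as_date(value):
    """Accept a date or an ISO 8601 string (the feed's own date format)."""
    return value if isinstance(value, date) else date.fromisoformat(value)


def load_feed(raw):
    """Parse a feed document and return its vulnerability records."""
    return json.loads(raw)["vulnerabilities"]


def fetch_feed(url=KEV_FEED_URL):
    """Download the live feed text (needs network access)."""
    from urllib.request import urlopen
    with urlopen(url, timeout=30) as resp:
        return resp.read().decode("utf-8")


def filter_vendor(entries, vendor):
    """Keep only records whose vendorProject matches, case-insensitively."""
    wanted = vendor.casefold()
    return [e for e in entries if e["vendorProject"].casefold() == wanted]


def days_remaining(entry, today):
    """Days until the BOD 22-01 due date; negative once it is overdue."""
    return (date.fromisoformat(entry["dueDate"]) - _as_date(today)).days


def summarize(entries, today):
    """Counts shown on the catalog cards: entries, ransomware use, overdue,
    distinct vendors and distinct vendor/product pairs."""
    today = _as_date(today)
    return {
        "entries": len(entries),
        "ransomware_use": sum(1 for e in entries
                              if e.get("knownRansomwareCampaignUse") == "Known"),
        "overdue": sum(1 for e in entries if days_remaining(e, today) < 0),
        "vendors": len({e["vendorProject"] for e in entries}),
        "products": len({(e["vendorProject"], e["product"]) for e in entries}),
    }


def match_inventory(entries, inventory):
    """Return records touching anything in your inventory, given as
    (vendor, product) pairs. KEV product strings are not normalized
    ("NetScaler" vs "NetScaler ADC and NetScaler Gateway"), so the
    product is matched as a case-insensitive substring."""
    hits = []
    for e in entries:
        vendor, product = e["vendorProject"].casefold(), e["product"].casefold()
        if any(vendor == v.casefold() and p.casefold() in product
               for v, p in inventory):
            hits.append(e)
    return hits


if __name__ == "__main__":
    today = "2025-01-01"  # pinned so the sample output is reproducible
    citrix = filter_vendor(load_feed(SAMPLE_FEED), "Citrix")
    print(summarize(citrix, today))
    for e in sorted(citrix, key=lambda e: e["dueDate"]):
        print(f"{e['cveID']}  {e['product']:40}  due {e['dueDate']}"
              f"  ({days_remaining(e, today):+d} days)")
    for e in match_inventory(citrix, {("Citrix", "NetScaler")}):
        print("inventory hit:", e["cveID"], e["vulnerabilityName"])
```

To run it against the live catalog, replace SAMPLE_FEED with fetch_feed() and today with date.today(); the overdue count then matches the card above, since a record is overdue once its dueDate is strictly earlier than the current date.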
22 results · Page 1/1
Citrix NetScaler Out-of-Bounds Read Vulnerability
Citrix · NetScaler
Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway), and NetScaler ADC FIPS and NDcPP contain an out-of-bounds read vulnerability when configured as a SAML IdP, leading to memory overread.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Citrix NetScaler Memory Overflow Vulnerability
Citrix · NetScaler
Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Citrix Session Recording Improper Privilege Management Vulnerability
Citrix · Session Recording
Citrix Session Recording contains an improper privilege management vulnerability that could allow privilege escalation to NetworkService account access. The attacker must be an authenticated user in the same Windows Active Directory domain as the Session Recording server.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Citrix Session Recording Deserialization of Untrusted Data Vulnerability
Citrix · Session Recording
Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with the privileges of the NetworkService account. The attacker must be an authenticated user on the same intranet as the Session Recording server.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
Citrix · NetScaler ADC and Gateway
Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability
Citrix · NetScaler ADC and Gateway
Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and denial of service. The NetScaler must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
Citrix · NetScaler ADC and NetScaler Gateway
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
Citrix · NetScaler ADC and NetScaler Gateway
Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows authenticated remote code execution on the management interface by an attacker with access to the NSIP, CLIP, or SNIP.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
Citrix · NetScaler ADC and NetScaler Gateway
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Required Action
Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.
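The session-kill step in this Required Action, spelled out as an added example that is not text from the catalog or from Citrix: patch to a fixed build first, because on an unpatched appliance killed sessions can simply be harvested again, then terminate every active session and clear persistence from the NetScaler CLI. The commands below are reproduced from memory of Citrix's guidance for the linked bulletin and should be confirmed against that bulletin for your build before use.

```text
kill icaconnection -all
kill rdp connection -all
kill pcoipConnection -all
kill aaa session -all
clear lb persistentSessions
show aaa session
```

The final `show aaa session` is a check that no AAA sessions survived; run it on every node of an HA pair or cluster, since sessions are held per appliance.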
Citrix Content Collaboration ShareFile Improper Access Control Vulnerability
Citrix · Content Collaboration
Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
Citrix · NetScaler ADC and NetScaler Gateway
Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for unauthenticated remote code execution.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability
Citrix · Application Delivery Controller (ADC) and Gateway
Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator.
Required Action
Apply updates per vendor instructions.
Citrix ShareFile Improper Access Control Vulnerability
Citrix · ShareFile
Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.
Required Action
Apply updates per vendor instructions.
Citrix SD-WAN and NetScaler Command Injection Vulnerability
Citrix · SD-WAN and NetScaler
Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance contain an authenticated command injection vulnerability.
Required Action
Apply updates per vendor instructions.
Citrix SD-WAN and NetScaler SQL Injection Vulnerability
Citrix · SD-WAN and NetScaler
Citrix SD-WAN and NetScaler SD-WAN contain a SQL injection vulnerability.
Required Action
Apply updates per vendor instructions.
Citrix Multiple Products Remote Code Execution Vulnerability
Citrix · NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server
A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also affects XenMobile Server.
Required Action
Apply updates per vendor instructions.
Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability
Citrix · StoreFront Server
Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.
Required Action
Apply updates per vendor instructions.
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability
Citrix · Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation.
Required Action
Apply updates per vendor instructions.
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
Citrix · Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.
Required Action
Apply updates per vendor instructions.
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
Citrix · Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.
Required Action
Apply updates per vendor instructions.
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability
Citrix · Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution.
Required Action
Apply updates per vendor instructions.
Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability
Citrix · Workspace Application and Receiver for Windows
Citrix Workspace Application and Receiver for Windows contain a remote code execution vulnerability resulting from local drive access preferences not being enforced on the client's local drives.
Required Action
Apply updates per vendor instructions.