Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Multiple vulnerabilities in Citrix ADC, Citrix Gateway, and Citrix
Alerts

Multiple vulnerabilities in Citrix ADC, Citrix Gateway, and Citrix

18 September 2020

Citrix issued a security update to address multiple vulnerabilities in its Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SDWAN WANOP:

•    CVE-2020-8245 - A HTML injection attack against the Secure Sockets Layer (SSL) Virtual Private Network (VPN) web portal
•    CVE-2020-8246 - A denial of service attack originating from the management network
•    CVE-2020-8247 - Escalation of privileges on the management interface

Successful exploitation of these vulnerabilities could allow attackers to perform a HTML injection attack against the SSL VPN web portal, cause a denial of service attack originating from the management network, or escalate privileges on the management interface.

Citrix Administrators are strongly advised to patch your systems to the latest version immediately.

For more information, refer to:

https://support.citrix.com/article/CTX281474

Back to top