New Citrix Vulnerabilities – What You Need to Know

Citrix has just released an article identifying multiple vulnerabilities in Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP. These vulnerabilities, if exploited, could result in several security issues, including:

  • Attacks that are limited to the management interface. Mitigating Factors: Customers who have configured their systems in accordance with Citrix recommendations in this guide have significantly reduced their risk.
  • Attacks that are applicable to a Virtual IP (VIP). Mitigating Factors: Customers who have not enabled either the Gateway or Authentication virtual servers are not at risk from attacks that are applicable to those servers. Other virtual servers (e.g. load balancing and content switching virtual servers) are not affected by these issues.

In addition, a vulnerability has been found in Citrix Gateway Plug-in for Linux that would allow a local, logged-on user of a Linux system with that plug-in installed to elevate their privileges to an administrator account on that computer.

  • Some versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP remediate the vulnerabilities. See the list here.

What Customers Should Do

Fixed builds have been released for all supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP. A2U, along with Citrix, is urging our network of end users to immediately install these updates.

The latest builds can be downloaded from these links:

Customers who are unable to immediately update to the latest version are advised to ensure access to the management interface is restricted. Please see this guide for more information.

Users with Citrix Gateway Plug-in for Linux should log in to an updated version of Citrix Gateway and select “Network VPN mode.” Citrix Gateway will then prompt the user to update. Customers with Citrix-managed Citrix Gateway service do not need to take any action.

Quick Action Greatly Reduces Vulnerability

Of the 11 vulnerabilities, there are six possible attack routes, five of which have barriers to exploitation. The latest patches fully resolve all the issues.

If you need help addressing these vulnerabilities or have any questions related to this issue, please call us at 888-631-2231 or email