CVE-2021-22919

EPSS 0.7%
Published 05.08.2021 21:15:10
Last modified 21.11.2024 05:50:54
Source support@hackerone.com
Teams watchlist Login
Open Login

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Citrix ≫ Application Delivery Controller Firmware Version >= 11.1 < 11.1-65.22

Citrix ≫ Application Delivery Controller Version-

Citrix ≫ Application Delivery Controller Firmware Version >= 12.1 < 12.1-62.27

Citrix ≫ Application Delivery Controller Version-

Citrix ≫ Application Delivery Controller Firmware Version >= 13.0 < 13.0-82.45

Citrix ≫ Application Delivery Controller Version-

Citrix ≫ Application Delivery Controller Firmware Version >= 12.1 < 12.1-55.238

   Citrix ≫ Mpx/sdx 14030 Fips Version-
   Citrix ≫ Mpx/sdx 14060 Fips Version-
   Citrix ≫ Mpx/sdx 14080 Fips Version-
   Citrix ≫ Mpx 15030-50g Fips Version-
   Citrix ≫ Mpx 15040-50g Fips Version-
   Citrix ≫ Mpx 15060-50g Fips Version-
   Citrix ≫ Mpx 15080-50g Fips Version-
   Citrix ≫ Mpx 15100-50g Fips Version-
   Citrix ≫ Mpx 15120-50g Fips Version-
   Citrix ≫ Mpx 8905 Fips Version-
   Citrix ≫ Mpx 8910 Fips Version-
   Citrix ≫ Mpx 8920 Fips Version-

Citrix ≫ Gateway Version >= 12.1 < 12.1-62.27

Citrix ≫ Gateway Version >= 13.0 < 13.0-82.45

Citrix ≫ NetScaler Gateway Version >= 11.1 < 11.1-65.22

Citrix ≫ Sd-wan Wanop Version >= 10.2 < 10.2.9.b

   Citrix ≫ 4000-wo Version-
   Citrix ≫ 4100-wo Version-
   Citrix ≫ 5000-wo Version-
   Citrix ≫ 5100-wo Version-

Citrix ≫ Sd-wan Wanop Version >= 11.2 < 11.2.3.b

   Citrix ≫ 4000-wo Version-
   Citrix ≫ 4100-wo Version-
   Citrix ≫ 5000-wo Version-
   Citrix ≫ 5100-wo Version-

Citrix ≫ Sd-wan Wanop Version >= 11.3 < 11.3.2.a

   Citrix ≫ 4000-wo Version-
   Citrix ≫ 4100-wo Version-
   Citrix ≫ 5000-wo Version-
   Citrix ≫ 5100-wo Version-

Citrix ≫ Sd-wan Wanop Version >= 11.4 < 11.4.0.a

   Citrix ≫ 4000-wo Version-
   Citrix ≫ 4100-wo Version-
   Citrix ≫ 5000-wo Version-
   Citrix ≫ 5100-wo Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.7%	0.696

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://support.citrix.com/article/CTX319135

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-22919

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22919

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22919

EUVD