Citrix published Security Bulletin CTX276688 on July 7, 2020 covering vulnerabilities recently discovered in Citrix ADC (formerly known as Netscaler ADC), Citrix Gateway (formerly known as Netscaler Gateway) and SD-WAN WANOP.
The vulnerabilities have been identified, with an increased risk of systems compromise and information disclosure, as well as the potential for unauthorized privilege elevation, denial of service, remote port scanning, and other attacks. At this time, of the 11 vulnerabilities, there are at least six possible attack routes, five of which have barriers to exploitation.
Citrix is not yet aware of any exploitation of these issues, but they are likely to develop as time passes. Cloud versions of networking products are not affected by these vulnerabilities.
Citrix has released patches that fully resolve all of the vulnerabilities, making it possible to patch against them before exploits occur.
This article lists the affected products, and provides the releases that remediate the vulnerabilities, as well as other precautions you should take
EDCi is available to assist you with a security check and remediation patching to your environment. If you are in need of assistance please contact the EDCi Technical Support Services Center at (800) 332-3553 or Support@edci.com.