Citrix yesterday issued new security patches for as many as 11 security flaws that affect its Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WAN Optimization edition (WANOP) networking products.
Successful exploitation of these critical flaws could let unauthenticated attackers perform code injection, information disclosure, and even denial-of-service attacks against the gateway or the authentication virtual servers.
Citrix confirmed that the aforementioned issues do not impact other virtual servers, such as load balancing and content switching virtual servers.
Among the affected Citrix SD-WAN WANOP appliances include models 4000-WO, 4100-WO, 5000-WO, and 5100-WO.
The networking vendor also reiterated that these vulnerabilities were not connected to a previously fixed zero-day NetScaler flaw (tagged as CVE-2019-19781) that allowed bad actors to perform arbitrary code execution even without proper authentication.
It also said there’s no evidence the newly disclosed flaws are exploited in the wild and that barriers to exploitation of these flaws are high.
“Of the 11 vulnerabilities, there are six possible attacks routes; five of those have barriers to…