CVE-2019-18177

medium

Description

In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.

References

https://www.tenable.com/cyber-exposure/2020-threat-landscape-retrospective

https://www.tenable.com/blog/cve-2020-8193-cve-2020-8195-and-cve-2020-819-active-exploitation-of-citrix-vulnerabilities

https://support.citrix.com/article/CTX276688/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance-security-update

Details

Source: Mitre, NVD

Published: 2022-12-26

Updated: 2023-01-05

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N