Citrix vulnerabilities
This blog contains information about recently published vulnerabilities in Citrix Application Delivery Controller, Citrix Gateway and Citrix SD-WAN WANOP appliances. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

T-Update
This blog contains information about recently published vulnerabilities in Citrix Application Delivery Controller, Citrix Gateway and Citrix SD-WAN WANOP appliances. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.
Update June 8, 2021
16:00 | Today, Citrix published information regarding two vulnerabilities in Citrix Application Delivery Controller, Citrix Gateway and Citrix SD-WAN WANOP appliances. The vulnerabilities that were recenly published are CVE-2020-8299 (medium severity) and CVE-2020-8300 (high severity).
Background
The following supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP are affected by CVE-2020-8299: Citrix ADC and Citrix Gateway 13.0 before 13.0-76.29 Citrix ADC and Citrix Gateway 12.1 before 12.1-61.18 Citrix ADC and NetScaler Gateway 11.1 before 65.20 Citrix ADC 12.1-FIPS before 12.1-55.238 Citrix SD-WAN WANOP 11.4 before 11.4.0 Citrix SD-WAN WANOP 11.3 before 11.3.2 Citrix SD-WAN WANOP 11.3 before 11.3.1a Citrix SD-WAN WANOP 11.2 before 11.2.3a Citrix SD-WAN WANOP 11.1 before 11.1.2c Citrix SD-WAN WANOP 10.2 before 10.2.9a The following supported versions of Citrix ADC and Citrix Gateway are affected by CVE-2020-8300: Citrix ADC and Citrix Gateway 13.0. before 13.0-82.41 Citrix ADC and Citrix Gateway 12.1 before 12.1-62.23 Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.20 Citrix ADC 12.1-FIPS before 12.1-55.238 Citrix indicates that manual changes are needed after upgrading to the latest version for CVE-2020-8300 These issues have already been addressed in Citrix-managed cloud services such as Citrix Gateway Service and Citrix Secure Workspace Access. Customers using Citrix-managed services do not need to take any additional action.
Risk
Two vulnerabilities were recently published: CVE-2020-8299 (medium severity) and CVE-2020-8300 (high severity). The table below describes information published by Citrix:
Advice
Sources
Learn more about these vulnerabilities on the Citrix support page
Sign up to receive T-Updates
Receive the latest vulnerabilities in your email every Wednesday
More than 1,000 organisations have already joined us.
