1. Home
  2. CVE Database
  3. CVE-2019-18225
CRITICAL · 9.8

CVE-2019-18225

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 befo...

Vulnerability Description

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CitrixApplication Delivery Controller Firmware10.5
CitrixApplication Delivery Controller-
CitrixNetscaler Gateway Firmware10.5
CitrixNetscaler Gateway-
CitrixGateway Firmware13.0
CitrixGateway-

References

FAQ

What is CVE-2019-18225?

CVE-2019-18225 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 befo...

How severe is CVE-2019-18225?

CVE-2019-18225 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-18225?

Check the references section above for vendor advisories and patch information. Affected products include: Citrix Application Delivery Controller Firmware, Citrix Application Delivery Controller, Citrix Netscaler Gateway Firmware, Citrix Netscaler Gateway, Citrix Gateway Firmware.