Vulnerability Description
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Application Delivery Controller Firmware | < 11.1-65.23 |
| Citrix | Application Delivery Controller | - |
| Citrix | Gateway | < 11.1-65.23 |
| Citrix | Sd-Wan | < 10.2.9c |
Related Weaknesses (CWE)
References
- https://support.citrix.com/article/CTX330728Vendor Advisory
- https://support.citrix.com/article/CTX330728Vendor Advisory
FAQ
What is CVE-2021-22956?
CVE-2021-22956 is a vulnerability with a CVSS score of 7.5 (HIGH). An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface acces...
How severe is CVE-2021-22956?
CVE-2021-22956 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22956?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Application Delivery Controller Firmware, Citrix Application Delivery Controller, Citrix Gateway, Citrix Sd-Wan.