CVE-2021-22955 - Vulnerability Details

Vendors	Products
Citrix	Application Delivery Controller Application Delivery Controller Firmware Gateway

Link	Providers
https://support.citrix.com/article/CTX330728

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Citrix ADC, Citrix Gateway", "vendor": "n/a", "versions": [{"status": "affected", "version": "Citrix ADC 111.1, 2.1, 13.0,13.1"}]}], "descriptions": [{"lang": "en", "value": "A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "Denial of Service (CWE-400)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-07T13:12:33", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.citrix.com/article/CTX330728"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2021-22955", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Citrix ADC, Citrix Gateway", "version": {"version_data": [{"version_value": "Citrix ADC 111.1, 2.1, 13.0,13.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service (CWE-400)"}]}]}, "references": {"reference_data": [{"name": "https://support.citrix.com/article/CTX330728", "refsource": "MISC", "url": "https://support.citrix.com/article/CTX330728"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:58:25.965Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.citrix.com/article/CTX330728"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2021-22955", "datePublished": "2021-12-07T13:12:33", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:58:25.965Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Citrix ADC, Citrix Gateway (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : Citrix ADC 111.1, 2.1, 13.0,13.1 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-400 (string)

description : Denial of Service (CWE-400) (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-12-07T13:12:33 (string)

orgId : 36234546-b8fa-4601-9d6f-f4e334aa8ea1 (string)

shortName : hackerone (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://support.citrix.com/article/CTX330728 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : support@hackerone.com (string)

ID : CVE-2021-22955 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Citrix ADC, Citrix Gateway (string)

version : { »

version_data : [ »

0 : { »

version_value : Citrix ADC 111.1, 2.1, 13.0,13.1 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Denial of Service (CWE-400) (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://support.citrix.com/article/CTX330728 (string)

refsource : MISC (string)

url : https://support.citrix.com/article/CTX330728 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T18:58:25.965Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://support.citrix.com/article/CTX330728 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 36234546-b8fa-4601-9d6f-f4e334aa8ea1 (string)

assignerShortName : hackerone (string)

cveId : CVE-2021-22955 (string)

datePublished : 2021-12-07T13:12:33 (string)

dateReserved : 2021-01-06T00:00:00 (string)

dateUpdated : 2024-08-03T18:58:25.965Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "609476CC-EB28-4FC2-8035-1C8A0F6F5573", "versionEndIncluding": "11.1-65.23", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C076C750-AC7C-48DD-86B2-EB69FA14467F", "versionEndExcluding": "12.1-63.22", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2F3ACE6-B0F6-4E27-9DD8-EFEC98A7ACB4", "versionEndExcluding": "13.0-83.27", "versionStartIncluding": "13.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C7C2760-C923-4D70-B9BA-9905CBD7A72C", "versionEndExcluding": "11.1-65.23", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEC9E148-82D8-4032-9E30-3A40362FEF29", "versionEndExcluding": "12.1-63.22", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FA42F00-61CF-44DB-9C16-C3EDD3960548", "versionEndExcluding": "13.0-83.27", "versionStartIncluding": "13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio no autenticada en Citrix ADC versiones anteriores a 13.0-83.27, versiones anteriores a 12.1-63.22 y 11.1-65.23 que, cuando es configurado como servidor virtual VPN (Gateway) o AAA, podr\u00eda permitir a un atacante causar una interrupci\u00f3n temporal de la GUI de administraci\u00f3n, la API Nitro y la comunicaci\u00f3n RPC"}], "id": "CVE-2021-22955", "lastModified": "2024-11-21T05:51:00.833", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-07T14:15:08.890", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX330728"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX330728"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 609476CC-EB28-4FC2-8035-1C8A0F6F5573 (string)

versionEndIncluding : 11.1-65.23 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C076C750-AC7C-48DD-86B2-EB69FA14467F (string)

versionEndExcluding : 12.1-63.22 (string)

versionStartIncluding : 12.1 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C2F3ACE6-B0F6-4E27-9DD8-EFEC98A7ACB4 (string)

versionEndExcluding : 13.0-83.27 (string)

versionStartIncluding : 13.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 80E69E10-6F40-4FE4-9D84-F6C25EAB79D8 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7C7C2760-C923-4D70-B9BA-9905CBD7A72C (string)

versionEndExcluding : 11.1-65.23 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FEC9E148-82D8-4032-9E30-3A40362FEF29 (string)

versionEndExcluding : 12.1-63.22 (string)

versionStartIncluding : 12.1 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0FA42F00-61CF-44DB-9C16-C3EDD3960548 (string)

versionEndExcluding : 13.0-83.27 (string)

versionStartIncluding : 13.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. (string)

}

1 : { »

lang : es (string)

value : Se presenta una vulnerabilidad de denegación de servicio no autenticada en Citrix ADC versiones anteriores a 13.0-83.27, versiones anteriores a 12.1-63.22 y 11.1-65.23 que, cuando es configurado como servidor virtual VPN (Gateway) o AAA, podría permitir a un atacante causar una interrupción temporal de la GUI de administración, la API Nitro y la comunicación RPC (string)

}

]

id : CVE-2021-22955 (string)

lastModified : 2024-11-21T05:51:00.833 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.3 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:M/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-12-07T14:15:08.890 (string)

references : [ »

0 : { »

source : support@hackerone.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.citrix.com/article/CTX330728 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.citrix.com/article/CTX330728 (string)

}

]

sourceIdentifier : support@hackerone.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-400 (string)

}

]

source : support@hackerone.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-400 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object