PT-2020-6826 · Citrix · Citrix Gateway+1

Published 2020-07-07 · Updated 2023-01-05

CVE-2019-18177

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Citrix ADC and Citrix Gateway versions 13.0-58.30 and later releases before the CTX276688 update

Description

The issue is related to insufficient protection of service data in the implementation of SSL VPN controller delivery in Citrix ADC and Citrix Gateway systems. This can allow a remote attacker to gain unauthorized access to protected information. Specifically, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint.

Recommendations

For Citrix ADC and Citrix Gateway versions 13.0-58.30 and later releases before the CTX276688 update, apply the CTX276688 update to resolve the issue. As a temporary workaround, consider restricting access to the configured SSL VPN endpoint until the update is applied.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2023-00076
CVE-2019-18177

Affected Products

Citrix ADC
Citrix Gateway