PT-2021-12728 · Citrix · Citrix Netscaler Gateway+2
Published: 2021-06-16 · Updated: 2021-06-24
CVE-2020-8299
CVSS v3.1: 6.5 Medium
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Citrix ADC and Citrix/NetScaler Gateway versions 13.0 before 13.0-76.29
Citrix ADC and Citrix/NetScaler Gateway versions 12.1-61.18
Citrix ADC and Citrix/NetScaler Gateway versions 11.1-65.20
Citrix ADC 12.1-FIPS versions before 12.1-55.238
Citrix SD-WAN WANOP Edition versions before 11.4.0
Citrix SD-WAN WANOP Edition versions 11.3.2
Citrix SD-WAN WANOP Edition versions 11.3.1a
Citrix SD-WAN WANOP Edition versions 11.2.3a
Citrix SD-WAN WANOP Edition versions 11.1.2c
Citrix SD-WAN WANOP Edition versions 10.2.9a
Description:
The issue is uncontrolled resource consumption, which can be exploited to cause a network-based denial of service. The attacker must be in the same Layer 2 network segment as the vulnerable appliance to carry out the attack.
Recommendations:
For Citrix ADC and Citrix/NetScaler Gateway versions 13.0 before 13.0-76.29, update to version 13.0-76.29 or later.
For Citrix ADC and Citrix/NetScaler Gateway versions 12.1-61.18, update to a version after 12.1-61.18.
For Citrix ADC and Citrix/NetScaler Gateway versions 11.1-65.20, update to a version after 11.1-65.20.
For Citrix ADC 12.1-FIPS versions before 12.1-55.238, update to version 12.1-55.238 or later.
For Citrix SD-WAN WANOP Edition versions before 11.4.0, update to version 11.4.0 or later.
For Citrix SD-WAN WANOP Edition versions 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, and 10.2.9a, update to a version after the specified version.
Fix
DoS
Resource Exhaustion
Affected Products:
Citrix ADC
Citrix SD-WAN WANOP Edition
Citrix NetScaler Gateway