CVE-2021-22955

Name of the Vulnerable Software and Affected Versions Citrix ADC versions prior to 13.0-83.27 Citrix ADC versions prior to 12.1-63.22 Citrix ADC versions prior to 11.1-65.23

Description A denial of service vulnerability exists in Citrix ADC when configured as a VPN or AAA virtual server, allowing an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. The vulnerability is related to an uncontrolled resource consumption issue, which can be exploited by a remote attacker to cause a denial of service on devices configured as a virtual VPN server.

Recommendations For versions prior to 13.0-83.27, update to a version that includes the fix for this issue. For versions prior to 12.1-63.22, update to a version that includes the fix for this issue. For versions prior to 11.1-65.23, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Management GUI, Nitro API, and RPC communication to minimize the risk of exploitation.