Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access


Citrix critical flaw XenMobile server

A critical security bug in the Citrix Application Delivery Controller (ADC) and Citrix Gateway could allow cyberattackers to crash entire corporate networks without needing to authenticate.

The two affected Citrix products (formerly the NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively. The federated working specialist pushed out a security patch on Tuesday for the vulnerability, tracked as CVE-2021-22955, which allows unauthenticated denial of service (DoS), due to uncontrolled resource consumption, according to the advisory.

Read more…