CVE-2019-18225
First published: Mon Oct 21 2019(Updated: )
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix Application Delivery Controller Firmware | =10.5 | |
| Citrix Application Delivery Controller Firmware | =11.1 | |
| Citrix Application Delivery Controller Firmware | =12.0 | |
| Citrix Application Delivery Controller Firmware | =12.1 | |
| Citrix Application Delivery Controller Firmware | =13.0 | |
| Citrix Application Delivery Controller | ||
| Citrix Netscaler Gateway Firmware | =10.5 | |
| Citrix Netscaler Gateway Firmware | =11.1 | |
| Citrix Netscaler Gateway Firmware | =12.0 | |
| Citrix Netscaler Gateway Firmware | =12.1 | |
| Citrix NetScaler Gateway | ||
| Citrix Gateway Firmware | =13.0 | |
| Citrix Gateway |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-18225?
CVE-2019-18225 is an authentication bypass vulnerability in Citrix Application Delivery Controller (ADC) and Gateway.
How severe is CVE-2019-18225?
CVE-2019-18225 is categorized as critical with a severity score of 9.8 out of 10.
Which versions of Citrix ADC and Gateway are affected by CVE-2019-18225?
Versions 10.5, 11.1, 12.0, 12.1, and 13.0 of Citrix ADC and Gateway are affected by CVE-2019-18225.
How can an attacker exploit CVE-2019-18225?
An attacker with management-interface access can bypass authentication to obtain unauthorized access to applications and data.
Is there a fix for CVE-2019-18225?
Yes, Citrix has released patches to address the vulnerability. It is recommended to update to the latest firmware versions.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/citrix
- canonical/citrix application delivery controller firmware
- version/citrix application delivery controller firmware/10.5
- version/citrix application delivery controller firmware/11.1
- version/citrix application delivery controller firmware/12.0
- version/citrix application delivery controller firmware/12.1
- version/citrix application delivery controller firmware/13.0
- canonical/citrix application delivery controller
- canonical/citrix netscaler gateway firmware
- version/citrix netscaler gateway firmware/10.5
- version/citrix netscaler gateway firmware/11.1
- version/citrix netscaler gateway firmware/12.0
- version/citrix netscaler gateway firmware/12.1
- canonical/citrix netscaler gateway
- canonical/citrix gateway firmware
- version/citrix gateway firmware/13.0
- canonical/citrix gateway