Admins who maintain Citrix network products should install the latest security patches. If this does not happen, attackers could, for example, hijack valid sessions.
Application delivery controllers (ADC), gateway and SD-WAN WANOP are specifically affected. With these products you can, for example, remotely access desktop applications or accelerate applications in the network environment.
Overall, the developers have closed two security holes. If attackers exploit a vulnerability (CVE2021-8299, “medium“) successfully, they could cause a Denial-of-Service-State (DoS). That could paralyze a network under certain circumstances according to a warning from Citrix however, Layer 2 network access.
The other loophole (CVE-2021-8300) is with “highAttackers could exploit them to gain access to valid sessions. It is not yet known how attacks could take place.
The network supplier ensures that the gateway service and Citrix Secure Workspace Access cloud…