CVE-2019-18177

moderate-risk
Published 2022-12-26

In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.

Do I need to act?

-
0.36% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Citrix

References (2)

Vendor Advisory https://support.citrix.com/article/CTX276688/citrix-application-delivery-control...
Vendor Advisory https://support.citrix.com/article/CTX276688/citrix-application-delivery-control...
32
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 7/34 · Low