ID

VAR-202112-0296


CVE

CVE-2021-22956


TITLE

Resource exhaustion vulnerability in Citrix ADC

Trust: 0.8

sources: JVNDB: JVNDB-2021-016059

DESCRIPTION

An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. Citrix ADC contains a resource exhaustion vulnerability. A service operation interruption (DoS) may result.

Trust: 1.71

sources: NVD: CVE-2021-22956 // JVNDB: JVNDB-2021-016059 // VULHUB: VHN-381430

AFFECTED PRODUCTS

vendor: citrix, model: gateway, scope: gte, version: 12.1

Trust: 1.0

vendor: citrix, model: sd-wan, scope: lt, version: 10.2.9c

Trust: 1.0

vendor: citrix, model: application delivery controller, scope: lt, version: 13.0-83.27

Trust: 1.0

vendor: citrix, model: sd-wan, scope: gte, version: 11.4.0

Trust: 1.0

vendor: citrix, model: gateway, scope: lt, version: 12.1-63.22

Trust: 1.0

vendor: citrix, model: gateway, scope: lt, version: 11.1-65.23

Trust: 1.0

vendor: citrix, model: application delivery controller, scope: lt, version: 12.1-63.22

Trust: 1.0

vendor: citrix, model: gateway, scope: gte, version: 13.0

Trust: 1.0

vendor: citrix, model: application delivery controller, scope: lt, version: 11.1-65.23

Trust: 1.0

vendor: citrix, model: application delivery controller, scope: gte, version: 12.1

Trust: 1.0

vendor: citrix, model: application delivery controller, scope: gte, version: 13.0

Trust: 1.0

vendor: citrix, model: sd-wan, scope: lt, version: 11.4.2

Trust: 1.0

vendor: citrix, model: gateway, scope: lt, version: 13.0-65.23

Trust: 1.0

vendor: シトリックス システムズ, model: citrix application delivery controller, scope: eq, version: citrix sd-wan

Trust: 0.8

vendor: シトリックス システムズ, model: citrix application delivery controller, scope: eq, version: citrix application delivery controller firmware 12.1-63.22

Trust: 0.8

vendor: シトリックス システムズ, model: citrix application delivery controller, scope: eq, version: citrix gateway plugin

Trust: 0.8

vendor: シトリックス システムズ, model: citrix application delivery controller, scope: -, version: -

Trust: 0.8

vendor: シトリックス システムズ, model: citrix application delivery controller, scope: eq, version: citrix application delivery controller firmware 11.1-65.23

Trust: 0.8

vendor: シトリックス システムズ, model: citrix application delivery controller, scope: eq, version: -

Trust: 0.8

vendor: シトリックス システムズ, model: citrix application delivery controller, scope: eq, version: citrix application delivery controller firmware 13.0-83.27

Trust: 0.8

sources: JVNDB: JVNDB-2021-016059 // NVD: CVE-2021-22956

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22956
value: HIGH

Trust: 1.0

NVD: CVE-2021-22956
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202111-971
value: HIGH

Trust: 0.6

VULHUB: VHN-381430
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22956
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-381430
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22956
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-22956
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-381430 // JVNDB: JVNDB-2021-016059 // CNNVD: CNNVD-202111-971 // NVD: CVE-2021-22956

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype: Resource exhaustion (CWE-400) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-381430 // JVNDB: JVNDB-2021-016059 // NVD: CVE-2021-22956

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-971

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202111-971

PATCH

title: CTX330728, url: https://support.citrix.com/article/CTX330728/citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-edition-appliance-security-update

Trust: 0.8

sources: JVNDB: JVNDB-2021-016059

EXTERNAL IDS

db: NVD, id: CVE-2021-22956

Trust: 3.3

db: JVNDB, id: JVNDB-2021-016059

Trust: 0.8

db: AUSCERT, id: ESB-2021.3830

Trust: 0.6

db: CNNVD, id: CNNVD-202111-971

Trust: 0.6

db: VULHUB, id: VHN-381430

Trust: 0.1

sources: VULHUB: VHN-381430 // JVNDB: JVNDB-2021-016059 // CNNVD: CNNVD-202111-971 // NVD: CVE-2021-22956

REFERENCES

url:https://support.citrix.com/article/ctx330728

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-22956

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.3830

Trust: 0.6

sources: VULHUB: VHN-381430 // JVNDB: JVNDB-2021-016059 // CNNVD: CNNVD-202111-971 // NVD: CVE-2021-22956

SOURCES

db: VULHUB, id: VHN-381430
db: JVNDB, id: JVNDB-2021-016059
db: CNNVD, id: CNNVD-202111-971
db: NVD, id: CVE-2021-22956

LAST UPDATE DATE

2024-08-14T14:37:48.723000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-381430, date: 2021-12-08T00:00:00
db: JVNDB, id: JVNDB-2021-016059, date: 2022-12-05T08:12:00
db: CNNVD, id: CNNVD-202111-971, date: 2021-12-16T00:00:00
db: NVD, id: CVE-2021-22956, date: 2021-12-08T19:01:17.300

SOURCES RELEASE DATE

db: VULHUB, id: VHN-381430, date: 2021-12-07T00:00:00
db: JVNDB, id: JVNDB-2021-016059, date: 2022-12-05T00:00:00
db: CNNVD, id: CNNVD-202111-971, date: 2021-11-10T00:00:00
db: NVD, id: CVE-2021-22956, date: 2021-12-07T14:15:08.943