cvelistv5 - CVE-2022-27507

CVE-2022-27507 (GCVE-0-2022-27507)

Vulnerability from cvelistv5 – Published: 2023-01-24 00:00 – Updated: 2025-04-01 18:40

Title

Authenticated denial of service

Summary

Authenticated denial of service

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

Citrix

References

URL

Tags

https://support.citrix.com/article/CTX457048/citr…

Impacted products

	Vendor	Product	Version
	Citirx	Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway	Affected: 13.1 , < 13.1-21.50 (custom) Affected: 13.0 , < 13.0-85.19 (custom) Affected: 12.1 , < 12.1-64.17  (custom) Affected: 12.1 FIPS , < 12.1-55.278 (custom) Affected: 12.1 NDcPP , < 12.1-55.278 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:32:57.916Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-27507",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-01T18:35:32.119246Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-01T18:40:48.533Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway",
          "vendor": "Citirx",
          "versions": [
            {
              "lessThan": "13.1-21.50",
              "status": "affected",
              "version": "13.1",
              "versionType": "custom"
            },
            {
              "lessThan": "13.0-85.19",
              "status": "affected",
              "version": "13.0",
              "versionType": "custom"
            },
            {
              "lessThan": "12.1-64.17\u202f ",
              "status": "affected",
              "version": "12.1",
              "versionType": "custom"
            },
            {
              "lessThan": "12.1-55.278",
              "status": "affected",
              "version": "12.1 FIPS",
              "versionType": "custom"
            },
            {
              "lessThan": "12.1-55.278",
              "status": "affected",
              "version": "12.1 NDcPP",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-05-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Authenticated denial of service"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-24T00:00:00.000Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authenticated denial of service ",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2022-27507",
    "datePublished": "2023-01-24T00:00:00.000Z",
    "dateReserved": "2022-03-21T00:00:00.000Z",
    "dateUpdated": "2025-04-01T18:40:48.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndExcluding\": \"12.1-64.17\", \"matchCriteriaId\": \"0E112D10-DA69-4574-A65A-7CD6426F598B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.0-85.19\", \"matchCriteriaId\": \"E6FFD486-A515-4B15-95D8-8D1D36D3011C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1\", \"versionEndExcluding\": \"13.1-21.50\", \"matchCriteriaId\": \"7C3948D7-C0F8-4172-B57A-55D94AFB4EF3\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:fips:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndExcluding\": \"12.1-55.278\", \"matchCriteriaId\": \"C0C9EA64-FDF6-4DA9-820B-F22F85701404\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:ndcpp:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndExcluding\": \"12.1-55.278\", \"matchCriteriaId\": \"E54AAEEA-4634-408C-8C95-92BE5D9F4D34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1\", \"versionEndExcluding\": \"12.1-64.17\", \"matchCriteriaId\": \"BA72B1AC-24C8-4356-B0A1-A0D6A51F6EEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.0-85.19\", \"matchCriteriaId\": \"57C256B5-7FD8-47A5-A8EF-043360AB2C0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1\", \"versionEndExcluding\": \"13.1-21.50\", \"matchCriteriaId\": \"E2E6F02E-00E6-4200-81DA-E12AC67D635A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Authenticated denial of service\"}, {\"lang\": \"es\", \"value\": \"Denegaci\\u00f3n de servicio autenticada\"}]",
      "id": "CVE-2022-27507",
      "lastModified": "2024-11-21T06:55:51.663",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
      "published": "2023-01-26T21:15:33.080",
      "references": "[{\"url\": \"https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508\", \"source\": \"secure@citrix.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@citrix.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secure@citrix.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-27507\",\"sourceIdentifier\":\"secure@citrix.com\",\"published\":\"2023-01-26T21:15:33.080\",\"lastModified\":\"2025-04-01T19:15:42.160\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Authenticated denial of service\"},{\"lang\":\"es\",\"value\":\"Denegaci\u00f3n de servicio autenticada\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secure@citrix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-64.17\",\"matchCriteriaId\":\"0E112D10-DA69-4574-A65A-7CD6426F598B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.0-85.19\",\"matchCriteriaId\":\"E6FFD486-A515-4B15-95D8-8D1D36D3011C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-21.50\",\"matchCriteriaId\":\"7C3948D7-C0F8-4172-B57A-55D94AFB4EF3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:fips:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-55.278\",\"matchCriteriaId\":\"C0C9EA64-FDF6-4DA9-820B-F22F85701404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:ndcpp:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-55.278\",\"matchCriteriaId\":\"E54AAEEA-4634-408C-8C95-92BE5D9F4D34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-64.17\",\"matchCriteriaId\":\"BA72B1AC-24C8-4356-B0A1-A0D6A51F6EEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.0-85.19\",\"matchCriteriaId\":\"57C256B5-7FD8-47A5-A8EF-043360AB2C0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-21.50\",\"matchCriteriaId\":\"E2E6F02E-00E6-4200-81DA-E12AC67D635A\"}]}]}],\"references\":[{\"url\":\"https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508\",\"source\":\"secure@citrix.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T05:32:57.916Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-27507\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-01T18:35:32.119246Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-01T18:39:27.888Z\"}}], \"cna\": {\"title\": \"Authenticated denial of service \", \"source\": {\"discovery\": \"UNKNOWN\"}, \"affected\": [{\"vendor\": \"Citirx\", \"product\": \"Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway\", \"versions\": [{\"status\": \"affected\", \"version\": \"13.1\", \"lessThan\": \"13.1-21.50\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"13.0\", \"lessThan\": \"13.0-85.19\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"12.1\", \"lessThan\": \"12.1-64.17\\u202f \", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"12.1 FIPS\", \"lessThan\": \"12.1-55.278\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"12.1 NDcPP\", \"lessThan\": \"12.1-55.278\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2022-05-26T00:00:00.000Z\", \"references\": [{\"url\": \"https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Authenticated denial of service\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"shortName\": \"Citrix\", \"dateUpdated\": \"2023-01-24T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-27507\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-01T18:40:48.533Z\", \"dateReserved\": \"2022-03-21T00:00:00.000Z\", \"assignerOrgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"datePublished\": \"2023-01-24T00:00:00.000Z\", \"assignerShortName\": \"Citrix\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2022-AVI-499

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Citrix. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	N/A	Citrix ADC et Citrix Gateway versions 12.1.x antérieures à 12.1-64.17
Citrix	N/A	Citrix ADC et Citrix Gateway versions 13.1.x antérieures à 13.1-21.50
Citrix	N/A	Citrix ADC 12.1-NDcPP versions 12.1.x antérieures à 12.1-55.278
Citrix	N/A	Citrix ADC 12.1-FIPS versions 12.1.x antérieures à 12.1-55.278
Citrix	N/A	Citrix ADC et Citrix Gateway versions 13.0.x antérieures à 13.0-85.19

References

Title

Publication Time

Tags

Bulletin de Citrix CTX457048 du 25 mai 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix ADC et Citrix Gateway versions 12.1.x ant\u00e9rieures \u00e0 12.1-64.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions 13.1.x ant\u00e9rieures \u00e0 13.1-21.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC 12.1-NDcPP versions 12.1.x ant\u00e9rieures \u00e0 12.1-55.278",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC 12.1-FIPS versions 12.1.x ant\u00e9rieures \u00e0 12.1-55.278",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions 13.0.x ant\u00e9rieures \u00e0 13.0-85.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-27507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27507"
    },
    {
      "name": "CVE-2022-27508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27508"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-499",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-05-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nCitrix. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de Citrix CTX457048 du 25 mai 2022",
      "url": "https://support.citrix.com/article/CTX457048"
    }
  ]
}

CERTFR-2022-AVI-499

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Citrix. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	N/A	Citrix ADC et Citrix Gateway versions 12.1.x antérieures à 12.1-64.17
Citrix	N/A	Citrix ADC et Citrix Gateway versions 13.1.x antérieures à 13.1-21.50
Citrix	N/A	Citrix ADC 12.1-NDcPP versions 12.1.x antérieures à 12.1-55.278
Citrix	N/A	Citrix ADC 12.1-FIPS versions 12.1.x antérieures à 12.1-55.278
Citrix	N/A	Citrix ADC et Citrix Gateway versions 13.0.x antérieures à 13.0-85.19

References

Title

Publication Time

Tags

Bulletin de Citrix CTX457048 du 25 mai 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix ADC et Citrix Gateway versions 12.1.x ant\u00e9rieures \u00e0 12.1-64.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions 13.1.x ant\u00e9rieures \u00e0 13.1-21.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC 12.1-NDcPP versions 12.1.x ant\u00e9rieures \u00e0 12.1-55.278",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC 12.1-FIPS versions 12.1.x ant\u00e9rieures \u00e0 12.1-55.278",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix ADC et Citrix Gateway versions 13.0.x ant\u00e9rieures \u00e0 13.0-85.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-27507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27507"
    },
    {
      "name": "CVE-2022-27508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27508"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-499",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-05-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nCitrix. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de Citrix CTX457048 du 25 mai 2022",
      "url": "https://support.citrix.com/article/CTX457048"
    }
  ]
}

GHSA-63V9-8F2V-3MQW

Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2023-02-01 21:30

Details

Authenticated denial of service

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-27507"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-26T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Authenticated denial of service",
  "id": "GHSA-63v9-8f2v-3mqw",
  "modified": "2023-02-01T21:30:22Z",
  "published": "2023-01-26T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27507"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-202205-1914

Vulnerability from variot - Updated: 2023-12-18 13:22

Authenticated denial of service. Citrix Application Delivery Controller and Citrix Gateway Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. Both Citrix Gateway (Citrix Systems NetScaler Gateway) and Citrix ADC are products of Citrix Systems (Citrix). Citrix Gateway is a secure remote access solution. The product provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location. Citrix ADC is one of the most comprehensive application delivery and load balancing solutions. Used for application security, overall visibility and availability. The following products and versions are affected: Citrix ADC and Citrix Gateway 13.1 prior to 13.1-21.50, Citrix ADC and Citrix Gateway 13.0-85.19 prior to 13.0, Citrix ADC and Citrix Gateway 12.1 prior to 12.1-64.17, Citrix-ADC 12.1 FIPS 12.1-55.278 prior, Citrix ADC 12.1-NDcPP prior 12.1-55.278

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202205-1914",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "application delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.1"
      },
      {
        "model": "gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1-64.17"
      },
      {
        "model": "application delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.0"
      },
      {
        "model": "gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1"
      },
      {
        "model": "gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.0"
      },
      {
        "model": "gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.1-21.50"
      },
      {
        "model": "gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.1"
      },
      {
        "model": "application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.0-85.19"
      },
      {
        "model": "application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1-64.17"
      },
      {
        "model": "application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1-55.278"
      },
      {
        "model": "application delivery controller",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.1-21.50"
      },
      {
        "model": "gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "13.0-85.19"
      },
      {
        "model": "application delivery controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "citrix",
        "version": "12.1"
      },
      {
        "model": "citrix application delivery controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30c8\u30ea\u30c3\u30af\u30b9 \u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "citrix gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30c8\u30ea\u30c3\u30af\u30b9 \u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006658"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27507"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1-64.17",
                "versionStartIncluding": "12.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1-21.50",
                "versionStartIncluding": "13.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.0-85.19",
                "versionStartIncluding": "13.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1-64.17",
                "versionStartIncluding": "12.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.0-85.19",
                "versionStartIncluding": "13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1-21.50",
                "versionStartIncluding": "13.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1-55.278",
                "versionStartIncluding": "12.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:fips:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1-55.278",
                "versionStartIncluding": "12.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-27507"
      }
    ]
  },
  "cve": "CVE-2022-27507",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2022-27507",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-27507",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202205-4146",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006658"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27507"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-4146"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Authenticated denial of service. Citrix Application Delivery Controller and Citrix Gateway Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. Both Citrix Gateway (Citrix Systems NetScaler Gateway) and Citrix ADC are products of Citrix Systems (Citrix). Citrix Gateway is a secure remote access solution. The product provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location. Citrix ADC is one of the most comprehensive application delivery and load balancing solutions. Used for application security, overall visibility and availability. The following products and versions are affected: Citrix ADC and Citrix Gateway 13.1 prior to 13.1-21.50, Citrix ADC and Citrix Gateway 13.0-85.19 prior to 13.0, Citrix ADC and Citrix Gateway 12.1 prior to 12.1-64.17, Citrix-ADC 12.1 FIPS 12.1-55.278 prior, Citrix ADC 12.1-NDcPP prior 12.1-55.278",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-27507"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006658"
      },
      {
        "db": "VULHUB",
        "id": "VHN-418141"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-27507"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-27507",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006658",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-4146",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2571",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-418141",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-27507",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-418141"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-27507"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006658"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27507"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-4146"
      }
    ]
  },
  "id": "VAR-202205-1914",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-418141"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:22:22.834000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CTX457048",
        "trust": 0.8,
        "url": "https://support.citrix.com/article/ctx457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
      },
      {
        "title": "Multiple Citrix Systems Product resource management error vulnerability fixes",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=223463"
      },
      {
        "title": "Citrix Security Bulletins: Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=72c36bceaf4968fb4025839fb3ab9ded"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-27507"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006658"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-4146"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.1
      },
      {
        "problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-418141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006658"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27507"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.citrix.com/article/ctx457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27507"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2571"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-27507/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://support.citrix.com/article/ctx457048"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-418141"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-27507"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006658"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27507"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-4146"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-418141"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-27507"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006658"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27507"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-4146"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-418141"
      },
      {
        "date": "2023-01-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-27507"
      },
      {
        "date": "2023-07-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-006658"
      },
      {
        "date": "2023-01-26T21:15:33.080000",
        "db": "NVD",
        "id": "CVE-2022-27507"
      },
      {
        "date": "2022-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-4146"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-418141"
      },
      {
        "date": "2023-01-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-27507"
      },
      {
        "date": "2023-07-07T06:36:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-006658"
      },
      {
        "date": "2023-02-01T20:38:16.680000",
        "db": "NVD",
        "id": "CVE-2022-27507"
      },
      {
        "date": "2023-02-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-4146"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-4146"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Citrix\u00a0Application\u00a0Delivery\u00a0Controller\u00a0 and \u00a0Citrix\u00a0Gateway\u00a0 Resource exhaustion vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-006658"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-4146"
      }
    ],
    "trust": 0.6
  }
}

GSD-2022-27507

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Authenticated denial of service

Aliases

CVE-2022-27507

Aliases

CVE-2022-27507

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-27507",
    "id": "GSD-2022-27507"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-27507"
      ],
      "details": "Authenticated denial of service",
      "id": "GSD-2022-27507",
      "modified": "2023-12-13T01:19:40.940720Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@citrix.com",
        "DATE_PUBLIC": "2022-05-26T05:58:00.000Z",
        "ID": "CVE-2022-27507",
        "STATE": "PUBLIC",
        "TITLE": "Authenticated denial of service "
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "13.1",
                          "version_value": "13.1-21.50"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "13.0",
                          "version_value": "13.0-85.19"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "12.1",
                          "version_value": "12.1-64.17\u202f "
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "12.1 FIPS",
                          "version_value": "12.1-55.278"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "12.1 NDcPP",
                          "version_value": "12.1-55.278"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Citirx"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Authenticated denial of service"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-400 Uncontrolled Resource Consumption"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508",
            "refsource": "MISC",
            "url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1-64.17",
                "versionStartIncluding": "12.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1-21.50",
                "versionStartIncluding": "13.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.0-85.19",
                "versionStartIncluding": "13.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1-64.17",
                "versionStartIncluding": "12.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.0-85.19",
                "versionStartIncluding": "13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1-21.50",
                "versionStartIncluding": "13.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1-55.278",
                "versionStartIncluding": "12.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:fips:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1-55.278",
                "versionStartIncluding": "12.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@citrix.com",
          "ID": "CVE-2022-27507"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Authenticated denial of service"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-02-01T20:38Z",
      "publishedDate": "2023-01-26T21:15Z"
    }
  }
}

FKIE_CVE-2022-27507

Vulnerability from fkie_nvd - Published: 2023-01-26 21:15 - Updated: 2025-04-01 19:15

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

Authenticated denial of service

References

	URL	Tags
	secure@citrix.com	https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508	Mitigation, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508	Mitigation, Vendor Advisory

Impacted products

Vendor	Product	Version
citrix	gateway	*
citrix	gateway	*
citrix	gateway	*
citrix	application_delivery_controller	*
citrix	application_delivery_controller	*
citrix	application_delivery_controller	*
citrix	application_delivery_controller	*
citrix	application_delivery_controller	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E112D10-DA69-4574-A65A-7CD6426F598B",
              "versionEndExcluding": "12.1-64.17",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6FFD486-A515-4B15-95D8-8D1D36D3011C",
              "versionEndExcluding": "13.0-85.19",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C3948D7-C0F8-4172-B57A-55D94AFB4EF3",
              "versionEndExcluding": "13.1-21.50",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:fips:*:*:*",
              "matchCriteriaId": "C0C9EA64-FDF6-4DA9-820B-F22F85701404",
              "versionEndExcluding": "12.1-55.278",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
              "matchCriteriaId": "E54AAEEA-4634-408C-8C95-92BE5D9F4D34",
              "versionEndExcluding": "12.1-55.278",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA72B1AC-24C8-4356-B0A1-A0D6A51F6EEA",
              "versionEndExcluding": "12.1-64.17",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57C256B5-7FD8-47A5-A8EF-043360AB2C0E",
              "versionEndExcluding": "13.0-85.19",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:application_delivery_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E6F02E-00E6-4200-81DA-E12AC67D635A",
              "versionEndExcluding": "13.1-21.50",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Authenticated denial of service"
    },
    {
      "lang": "es",
      "value": "Denegaci\u00f3n de servicio autenticada"
    }
  ],
  "id": "CVE-2022-27507",
  "lastModified": "2025-04-01T19:15:42.160",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-01-26T21:15:33.080",
  "references": [
    {
      "source": "secure@citrix.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508"
    }
  ],
  "sourceIdentifier": "secure@citrix.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "secure@citrix.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-27507 (GCVE-0-2022-27507)

CERTFR-2022-AVI-499

Solution

CERTFR-2022-AVI-499

Solution

GHSA-63V9-8F2V-3MQW

VAR-202205-1914

GSD-2022-27507

FKIE_CVE-2022-27507

Tags

Sightings

Nomenclature