Rewterz Threat Advisory – CVE-2021-32960 – ICS: Rockwell Automation ISaGRAF5 Runtime
June 11, 2021Rewterz Threat Alert – Lazarus APT Group – Active IOCs
June 11, 2021Rewterz Threat Advisory – CVE-2021-32960 – ICS: Rockwell Automation ISaGRAF5 Runtime
June 11, 2021Rewterz Threat Alert – Lazarus APT Group – Active IOCs
June 11, 2021Severity
High
Analysis Summary
CVE-2020-8300
Citrix ADC and Gateway could allow a remote attacker to bypass security restrictions, caused by a flaw when SAML configuration is not configured to the recommended settings. By utilize phishing attack techniques, an attacker could exploit this vulnerability to hijack a valid user session.
CVE-2020-8299
Citrix ADC, Gateway and SD-WAN WANOP are vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition within the same Layer 2 network segment.
Impact
- Bypass Security
- Denial of Service
Affected Vendors
- Citrix NetScaler Gateway
- Citrix Gateway
- Citrix ADC
Affected Products
- Citrix NetScaler Gateway 11.1
- Citrix Gateway 12.1
- Citrix Gateway 13.0
- Citrix ADC 11.1
- Citrix ADC 12.1
- Citrix ADC 13.0
Remediation
Refer to CTX297155 for patch, upgrade or suggested workaround information.