CVE-2022-27512 – Temporary disruption of the ADM license service
https://notcve.org/view.php?id=CVE-2022-27512
Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM. • https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512 • CWE-416: Use After Free CWE-664: Improper Control of a Resource Through its Lifetime •
CVE-2022-27511 – Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password
https://notcve.org/view.php?id=CVE-2022-27511
Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted. • https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512 • CWE-284: Improper Access Control •
CVE-2022-21827
https://notcve.org/view.php?id=CVE-2022-21827
An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) versions before 21.9.1.2 that could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed to corrupt or delete files as SYSTEM. • https://support.citrix.com/article/CTX341455 • CWE-269: Improper Privilege Management •
CVE-2021-44519
https://notcve.org/view.php?id=CVE-2021-44519
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution. • https://docs.citrix.com/en-us/xenmobile/server/document-history.html https://gist.github.com/tree-chtsec/30932b9c94b8c7e4209d22b8b52d597f https://support.citrix.com/article/CTX370551 https://www.chtsecurity.com/news/09be10ae-b50e-46c9-8ce7-2e995fd988fe • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-20717 – Cisco SD-WAN vEdge Routers Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20717
A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vedge-dos-jerVm4bB • CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •