// For flags

CVE-2019-18177

 

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.

En ciertos productos Citrix, un usuario de VPN autenticado puede lograr la divulgación de información cuando hay un endpoint de VPN SSL configurado. Esto afecta a Citrix ADC y Citrix Gateway 13.0-58.30 y versiones posteriores antes de la actualización CTX276688.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-10-17 CVE Reserved
  • 2022-12-26 CVE Published
  • 2024-07-18 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Citrix
Search vendor "Citrix"
 Application Delivery Controller Firmware
Search vendor "Citrix" for product "Application Delivery Controller Firmware"
 < 13.0-58.30
Search vendor "Citrix" for product "Application Delivery Controller Firmware" and version " < 13.0-58.30"
-
Affected
in Citrix
Search vendor "Citrix"
 Application Delivery Controller
Search vendor "Citrix" for product "Application Delivery Controller"
--
Safe
Citrix
Search vendor "Citrix"
 Gateway
Search vendor "Citrix" for product "Gateway"
 < 13.0-58.30
Search vendor "Citrix" for product "Gateway" and version " < 13.0-58.30"
-
Affected