Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO.
These vulnerabilities, if exploited, could result in the following security issues:
|CVE-2020-8299||Network-based denial-of-service from within the same Layer 2 network segment||CWE-400: Uncontrolled Resource Consumption||Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP Edition||The attacker machine must be in the same Layer 2 network segment as the vulnerable appliance|
|CVE-2020-8300||SAML authentication hijack through a phishing attack to steal a valid user session||CWE-284: Improper access control||Citrix ADC, Citrix Gateway||Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP|
Citrix strongly recommends that affected customers install relevant firmware upgrades as soon as possible.
Please see this link for official advisory from Citrix: