Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access

A critical security bug in the Citrix Application Delivery Controller and Citrix Gateway could allow cyberattackers to crash entire corporate networks without needing to authenticate.

Citrix also addressed a lower-severity bug that is likewise due to uncontrolled resource consumption.

The latter provides optimization for Citrix SD-WAN deployments, which enable secure connectivity and seamless access to virtual, cloud and software-as-a-service apps across enterprise and branch locations.

All of this makes them an attractive target for cybercriminals, and indeed, the Citrix ADC and Gateway in particular are no spring chickens when it comes to the critical vulnerability scene.

While Citrix didn’t release technical details on the latest bugs, VulnDB noted on Wednesday that for CVE-2021-22955, “The exploitability is told to be difficult. The attack can only be initiated within the local network. The exploitation doesn’t require any form of authentication.” It assigned a severity score of 5.1 out of 10 to the bug, despite Citrix’s internal rating of “Critical.”

In the case of the first Citrix ADC and Gateway bug, appliances must be configured as a VPN or AAA virtual server in order to be vulnerable.
