ADC

Signature update version 75

New signatures rules are generated for the vulnerabilities identified in the week 2022-01-20. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.

Signature version

Signature version 75 applicable for NetScaler 11.1, NetScaler 12.0, Citrix ADC 12.1, Citrix ADC 13.0 platforms.

Note:

Enabling Post body and Response body signature rules might affect Citrix ADC CPU.

Common Vulnerability Entry (CVE) insight

Following is a list of signature rules, CVE IDs, and its description.

Signature rule CVE ID Description
999055 CVE-2021-44224 WEB-MISC Apache HTTP Server - Malformed UDS Vulnerability Via Forward and Reverse Proxy (CVE-2021-44224)
999056 CVE-2021-43815 WEB-MISC Apache Grafana - TestData DB Data Source Path Traversal Vulnerability (CVE-2021-43815)
999057 CVE-2021-43813 WEB-MISC Apache Grafana - Path Traversal Vulnerability Via Markdown (CVE-2021-43813)
999058 CVE-2021-43405 WEB-MISC FusionPBX Prior to 4.5.30 - OS Command Injection Via fax_extension (CVE-2021-43405)
999059 CVE-2021-42392 WEB-MISC H2 Console Prior to 2.0.206 - Remote Code Execution Vulnerability (CVE-2021-42392)
999060 CVE-2021-42362 WEB-WORDPRESS Popular Post Plugin Prior to 5.3.3 - Arbitrary File Upload Vulnerability (CVE-2021-42362)
999061 CVE-2021-42129 WEB-MISC Ivanti Avalanche Prior to 6.3.3 - OS Command Injection Vulnerability Via txtUpass (CVE-2021-42129)
999062 CVE-2021-42129 WEB-MISC Ivanti Avalanche Prior to 6.3.3 - OS Command Injection Vulnerability Via txtUname (CVE-2021-42129)
999063 CVE-2021-42129 WEB-MISC Ivanti Avalanche Prior to 6.3.3 - OS Command Injection Vulnerability Via txtUncPath (CVE-2021-42129)
999064 CVE-2021-40345 WEB-MISC Nagios XI Prior to 5.8.6 - OS Command Injection Vulnerability Via Maliciously Crafted ZIP File (CVE-2021-40345)
999065 CVE-2021-37928 WEB-MISC Zoho ManageEngine ADManager Plus Prior to 7110 - Unrestricted File Upload Vulnerability (CVE-2021-37928)
999066 CVE-2021-25037 WEB-WORDPRESS All In One SEO Plugin Prior to 4.1.5.3 - SQL Injection Vulnerability Via objects REST API and rest_route
999067 CVE-2021-25037 WEB-WORDPRESS All In One SEO Plugin Prior to 4.1.5.3 - SQL Injection Vulnerability Via objects REST API
999068 CVE-2021-25036 WEB-WORDPRESS All In One SEO Plugin Prior to 4.1.5.3 - Privilege Escalation Vulnerability Via REST API and rest_route
999069 CVE-2021-25036 WEB-WORDPRESS All In One SEO Plugin Prior to 4.1.5.3 - Privilege Escalation Vulnerability Via REST API
999070 CVE-2021-21917 WEB-MISC Advantech R-SeeNet Prior to 2.4.17 - SQL Injection Vulnerability Via ord (CVE-2021-21917)
999071 CVE-2021-20040 WEB-MISC SonicWall Secure Mobile Access - Arbitrary File Write Vulnerability (CVE-2021-20040)
999072 CVE-2021-20039 WEB-MISC SonicWall Secure Mobile Access - Command Injection Vulnerability (CVE-2021-20039)
Signature update version 75