Multiple vulnerabilities in Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service. Four of the bugs are exploitable by an unauthenticated, remote attacker. Citrix products are used for application-aware traffic management and secure remote access. They are installed in at least 80,000 companies in 158 countries, according to a December assessment from Positive Technologies. Other flaws announced Tuesday also affect Citrix SD-WAN WANOP appliances.
Source: https://threatpost.com/citrix-bugs-allow-unauthenticated-code-injection-data-theft/157214/