LiveActive security incident?Get immediate response
CVE Record

CVE-2019-18177: In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there...

In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.

MediumCVSS 6.5Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

This issue can let a logged-in VPN user obtain sensitive information from a configured Citrix SSL VPN endpoint. It is not described as unauthenticated or service-disrupting, but the confidentiality impact is high for exposed VPN infrastructure.

Executive priority

Treat as a near-term confidentiality remediation for internet-facing VPN infrastructure. It is not currently evidenced as actively exploited in the bundle, but VPN information disclosure can support follow-on intrusion.

Technical view

CVE-2019-18177 is a CWE-200 information disclosure flaw affecting Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update, when an SSL VPN endpoint is configured. CVSS 3.1 is 6.5, with network access, low complexity, low privileges, no user interaction, and high confidentiality impact.

Likely exposure

Organizations using the named Citrix ADC or Citrix Gateway versions with SSL VPN endpoints configured are the likely exposure group. The bundle does not provide CPEs or a fuller affected-product matrix.

Exploitation context

The provided sources do not show CISA KEV listing or active exploitation. The vulnerability requires an authenticated VPN user, so risk is higher where many third parties, contractors, or compromised accounts can access VPN.

Researcher notes

The bundle has incomplete affected metadata: vendor, product, CPEs, and detailed version ranges are not normalized. Analysis should rely on the CVE description and Citrix CTX276688, and avoid extending impact to products not named for this CVE.

Mitigation direction

  • Apply the Citrix CTX276688 security update for affected systems.
  • Confirm Citrix ADC and Gateway builds are no longer in the vulnerable range.
  • Review whether configured SSL VPN endpoints are still required.
  • Limit VPN access to necessary users while remediation is pending.
  • Check Citrix guidance for any product-specific workaround details.

Validation and detection

  • Inventory Citrix ADC and Citrix Gateway appliances and record exact builds.
  • Identify appliances with configured SSL VPN endpoints.
  • Compare versions against 13.0-58.30 and later releases before CTX276688.
  • Confirm remediation by checking installed update level after maintenance.
  • Review VPN account scope and recent authenticated access patterns.
Prepared
Confidence
high
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · medium confidence lookup

CWE-200: Information exposure and cloud metadata lookup

Information exposure and SSRF weaknesses can make discovery, cloud metadata, and credential material review relevant. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2019-18177 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
6.5 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
6.5CVSS 3.1MediumCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N2.83.6Primary CVE score

Vulnerability scoring details

Base CVSS 3.1 score

6.5Medium
CVSS 3.1 vector shape for CVE-2019-18177Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-200 · source CWE mapping

Exposure of Sensitive Information to an Unauthorized Actor

Exposure of Sensitive Information to an Unauthorized Actor represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.