CVE-2021-22956: 
NixOS vulnerability analysis and mitigation

An uncontrolled resource consumption vulnerability (CVE-2021-22956) was identified in Citrix Application Delivery Controller (ADC) and Citrix Gateway products. The vulnerability affects versions <13.0-83.27, <12.1-63.22, and 11.1-65.23. This security issue was discovered and reported through HackerOne, with the CVE being created on January 6, 2021 (CVE MITRE).

The vulnerability is classified as an uncontrolled resource consumption issue (CWE-400). It received a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, and a CVSS v2.0 score of 4.3 (MEDIUM). The vulnerability specifically affects access to the management GUI, Nitro API, and RPC communication, while CLI access remains unaffected (NVD).

The vulnerability could allow an attacker with access to NSIP (NetScaler IP) or SNIP (Subnet IP) with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication (CVE MITRE, NVD).

Citrix has released security updates to address this vulnerability. The fixed versions include 13.0-83.27 or later, 12.1-63.22 or later, and versions after 11.1-65.23. Users are strongly recommended to upgrade to these patched versions (Citrix Advisory).