This issue has been addressed in the following versions of Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows):
Citrix recommends that affected customers upgrade the Citrix Gateway Plug-in installed on their endpoints by taking the following actions as their patching schedule allows:
If Citrix Gateway Plug-in is distributed via the SSL VPN upgrade control feature of Citrix ADC or Citrix Gateway:
Check the version of Citrix Gateway Plug-in for Windows that is being distributed by each Citrix ADC or Citrix Gateway instance. This can be done either through the GUI or by viewing the file located at /var/netscaler/gui/vpn/pluginlist.xml. If it is a vulnerable version, customers must either:
- upgrade the Citrix ADC or Gateway firmware to a version that includes a fixed version of the Plug-in.
A fixed version of Citrix Gateway Plug-in for Windows is included in the following versions of Citrix ADC and Citrix Gateway:
Citrix ADC and Citrix Gateway 13.1-4.44 and later releases
Citrix ADC and Citrix Gateway 13.0-83.29 and later releases
Citrix ADC and Citrix Gateway 12.1-63.22 and later releases
Citrix ADC and Citrix Gateway 12.1-FIPS 12.1-55.277 and later releases
Citrix ADC and Citrix Gateway 12.1-NDcPP 12.1-55.276 and later releases
Information about the upgrade control feature is detailed at: https://docs.citrix.com/en-us/citrix-gateway/13/vpn-user-config/how-users-connect-with-gateway-plugin.html#control-upgrade-of-citrix-gateway-plug-ins
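As an added example (not Citrix code), the following Python script classifies the firmware build of each appliance in an inventory against the fixed-release list above, treating the 12.1-FIPS and 12.1-NDcPP lines separately from standard 12.1. The "NS13.0: Build 83.29.nc" input form, the edition labels and the sample hostnames are assumptions; the script checks the firmware build only, not the plug-in version recorded in pluginlist.xml.

```python
import re

# Minimum firmware builds that include a fixed plug-in, copied from the list above.
# Key: (release branch, edition label); value: minimum build as (major, minor).
FIXED_BUILDS = {
    ("13.1", "standard"): (4, 44),
    ("13.0", "standard"): (83, 29),
    ("12.1", "standard"): (63, 22),
    ("12.1", "FIPS"): (55, 277),
    ("12.1", "NDcPP"): (55, 276),
}

# Accepts "13.0-83.29" as written in the list above, or "NS13.0: Build 83.29.nc"
# (assumed form of the version string reported by the appliance).
_VERSION_RE = re.compile(r"(\d+\.\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)")

def parse_firmware(text):
    """Return (branch, (major, minor)), or None if no version is recognised."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def firmware_status(text, edition="standard"):
    """Classify one firmware string as 'fixed', 'upgrade' or 'unlisted'."""
    parsed = parse_firmware(text)
    if parsed is None:
        return "unlisted"
    branch, build = parsed
    minimum = FIXED_BUILDS.get((branch, edition))
    if minimum is None:
        return "unlisted"  # branch/edition does not appear in the list above
    # Numeric tuple comparison: 83.9 sorts before 83.29, unlike a string compare.
    return "fixed" if build >= minimum else "upgrade"

if __name__ == "__main__":
    # Constructed inventory: hostnames and builds are made up for illustration.
    inventory = [
        ("gw-a", "13.0-83.29", "standard"),
        ("gw-b", "NS13.0: Build 83.9.nc", "standard"),
        ("gw-c", "12.1-55.280", "FIPS"),
        ("gw-d", "12.1-55.280", "standard"),
        ("gw-e", "11.1-65.12", "standard"),
    ]
    for host, version, edition in inventory:
        print(f"{host:6} {version:24} {edition:9} {firmware_status(version, edition)}")
```

An "unlisted" result means the branch or edition is not covered by the list above and has to be checked by hand, not that the appliance is safe.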
If Citrix Gateway Plug-in is distributed/upgraded directly onto users' devices:
Customers must install a fixed Plug-in on their users' devices by downloading it from https://www.citrix.com/downloads/citrix-gateway/plug-ins/citrix-secure-access-client-for-windows.html