Attention to vulnerability in Citrix Gateway Plug-in for Windows (CVE-2020-8257 / CVE-2020-8258)

Thank you for using NTT Communications Enterprise Cloud.

A vulnerability (CVE-2020-8257 / CVE-2020-8258) of Citrix Gateway Plug-in for Windows used for SSL-VPN connection has been confirmed in the remote console access (RCA) function of the Baremetal Server Menu of ECL2.0. The common platform of ECL2.0 is not affected by this problem. We recommend that customers using the ECL2.0 Baremetal Server Menu to check the latest information on vulnerabilities and take appropriate action as necessary.

Vulnerability information

Affected Menu

Baremetal Server

Affected Version

Citrix Gateway Plug-in 13.0 for Windows before 64.35
Citrix Gateway Plug-in 12.1 for Windows before 59.16


When try to make SSL-VPN connection from customer’s client, upgrade of Citrix Gateway Plug-in Client will be required. Please upgrade the Plug-in following the instructions on the screen.


Thank you.