Cythera Cyber Security

Critical Citrix ADC and Gateway Remote Code Execution Vulnerability

On December 14 Citrix published a security bulletin announcing fixes for a vulnerability in their Citrix ADC and Citrix Gateway products.

CVE: CVE-2022-27518

What is vulnerable?

  • Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25
  • Citrix ADC 12.1-FIPS before 12.1-55.291
  • Citrix ADC 12.1-NDcPP before 12.1-55.291

NOTE: Citrix ADC and Citrix Gateway version 13.1 is unaffected.

What happened?

  • On December 14 Citrix published a security bulletin announcing fixes for a vulnerability in their Citrix ADC and Citrix Gateway products.
  • CVE-2022-27518 is a Remote Code Execution vulnerability and has a CVSS severity of 9.8/10.
  • Citrix Gateways are high-value targets because they provide access to the inside of your network, and they are exploited very quickly. Organisations operating an impacted product should update these systems immediately.

Key facts

  • This vulnerability affects Citrix ADC and Citrix Gateway appliances when they are configured with IDP and SAML.
  • Citrix-managed cloud services are unaffected.
  • Citrix reports that they are seeing this exploit being actively used.
  • This does not affect Citrix ADM or Citrix SD-WAN.
  • If you have already updated your Citrix appliances in response to CVE-2022-27510, CVE-2022-27513 and CVE-2022-27516, you are already protected from this vulnerability.

What you can do

  • Any Citrix ADC appliances running 12.1 and 13.0 need to be updated to the latest version of the software released on December 14, details available here
  • Cythera continues to monitor Managed Detection & Response for associated indicators of attack and post-exploitation activities
  • Cythera Vulnerability Management Clients are actively being scanned for any vulnerable instances of Citrix appliances
  • Consult with vendors to ensure that their appliances have been patched
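
To triage an appliance inventory against the version list and the IDP/SAML condition above, the following added example (not code from Citrix or Cythera) classifies build strings written in the advisory's own notation. The edition labels, the status names and the sample inventory are assumptions made for this example.

```python
import re

# Fixed builds per (release branch, edition), from the advisory's affected list.
# Edition labels "standard", "fips" and "ndcpp" are this example's own naming.
FIXED = {
    ("13.0", "standard"): (58, 32),
    ("12.1", "standard"): (65, 25),
    ("12.1", "fips"): (55, 291),
    ("12.1", "ndcpp"): (55, 291),
}
UNAFFECTED = {"13.1"}  # the advisory's NOTE: 13.1 is unaffected

# Build strings in the advisory's notation, e.g. "13.0-58.32".
BUILD_RE = re.compile(r"^\s*(\d+\.\d+)-(\d+)\.(\d+)\s*$")


def triage(build, edition="standard", saml=True):
    """Classify one appliance against the advisory's criteria."""
    m = BUILD_RE.match(build)
    if not m:
        return "unknown"
    branch = m.group(1)
    # Compare build parts as integers: 58.4 is older than 58.32,
    # which a string or float comparison would get wrong.
    found = (int(m.group(2)), int(m.group(3)))
    if branch in UNAFFECTED:
        return "unaffected"
    fixed = FIXED.get((branch, edition.lower()))
    if fixed is None:
        return "unknown"  # branch or edition not covered by the advisory
    if found >= fixed:
        return "patched"
    return "vulnerable" if saml else "unpatched-no-saml"


def triage_inventory(rows):
    """rows: iterable of (host, build, edition, saml) tuples."""
    return {host: triage(build, edition, saml) for host, build, edition, saml in rows}


# Constructed inventory for illustration; hostnames and builds are made up.
SAMPLE = [
    ("adc-01", "13.0-58.30", "standard", True),
    ("adc-02", "13.0-58.4", "standard", True),
    ("adc-03", "12.1-55.291", "fips", True),
    ("gw-01", "12.1-65.20", "standard", False),
    ("gw-02", "13.1-4.43", "standard", True),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```

Appliances reported as "unknown" or "unpatched-no-saml" still need a manual look: the first falls outside the branches the advisory lists, and the second is below the fixed build even though the stated exposure condition is absent.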

