CVE-2022-27510: Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities


On November 8, 2022, Citrix published the Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510, CVE-2022-27513 and CVE-2022-27516, announcing fixes for three vulnerabilities:

CVE-2022-27510 “Unauthorized access to Gateway user capabilities”
CVE-2022-27513 “Remote desktop takeover via phishing”
CVE-2022-27516 “User login brute force protection functionality bypass”

The most notable vulnerability, CVE-2022-27510, is rated a critical 9.8 for “appliances that are operating as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy),” per Citrix’s advisory, and allows for remote, unauthenticated attackers to take control of a vulnerable system.

Rapid7 has repeatedly observed attacker interest in high-value targets such as Citrix. Historically, these appliances have been exploited very quickly, so organizations that are impacted by CVE-2022-27510 should patch right away. CISA has also issued a warning about CVE-2022-27510.

Affected products

The following supported versions of Citrix ADC and Citrix Gateway on customer-managed appliances are affected by this vulnerability (Citrix-managed cloud services customers do not need to take any action):

Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47
Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12
Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21
Citrix ADC 12.1-FIPS before 12.1-55.289
Citrix ADC 12.1-NDcPP before 12.1-55.289
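To triage an appliance inventory against the list above, the following added example (not part of the original post or of any Citrix tooling) compares each build numerically with the first fixed build. The version banner shape, the `edition` labels, and the sample hosts are assumptions constructed for illustration.

```python
import re

# First fixed build per (release, edition), from the affected-products list.
# The page writes the 12.1 entry as "12.1.65.21"; it is read here as build
# 65.21 (assumption).
FIXED = {
    ("13.1", "standard"): (33, 47),
    ("13.0", "standard"): (88, 12),
    ("12.1", "standard"): (65, 21),
    ("12.1", "FIPS"): (55, 289),
    ("12.1", "NDcPP"): (55, 289),
}

# Assumed banner shape: "NetScaler NS13.0: Build 88.12.nc, Date: ..."
BANNER = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


def triage(banner, edition="standard"):
    """Classify one appliance as 'affected', 'fixed' or 'unlisted'."""
    m = BANNER.search(banner)
    if m is None:
        raise ValueError(f"unrecognised version banner: {banner!r}")
    # Compare builds as integer pairs: as strings, "88.9" sorts after "88.12".
    build = (int(m.group(2)), int(m.group(3)))
    fixed = FIXED.get((m.group(1), edition))
    if fixed is None:
        return "unlisted"  # release not in the list above; check the bulletin
    return "affected" if build < fixed else "fixed"


def needs_patch(inventory):
    """Return hostnames whose build is below the fixed build or unlisted."""
    return [host for host, banner, edition in inventory
            if triage(banner, edition) != "fixed"]


# Constructed inventory: (hostname, version banner, edition).
SAMPLE = [
    ("gw-01", "NetScaler NS13.1: Build 33.47.nc, Date: (constructed)", "standard"),
    ("gw-02", "NetScaler NS13.0: Build 88.9.nc, Date: (constructed)", "standard"),
    ("gw-03", "NetScaler NS12.1: Build 55.289.nc, Date: (constructed)", "FIPS"),
    ("gw-04", "NetScaler NS12.1: Build 55.29.nc, Date: (constructed)", "NDcPP"),
    ("gw-05", "NetScaler NS11.1: Build 65.22.nc, Date: (constructed)", "standard"),
]

if __name__ == "__main__":
    for host, banner, edition in SAMPLE:
        print(host, triage(banner, edition))
```

The edition has to come from the inventory record, because a 12.1 build such as 55.289 is fixed for FIPS and NDcPP but sits below the 65.21 threshold for the standard 12.1 release.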

Mitigation guidance

Organizations that are impacted by CVE-2022-27510 should update to one of the versions listed below immediately. Additionally, it is strongly recommended that organizations ensure that gateway devices require multi-factor authenticat ..
