Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities

16 Nov / 2022

Cyber Security

Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities 

CVE: CVE-2022-27510, CVE-2022-27513 and CVE-2022-27516


What is Vulnerable?

  • Citrix ADC and Citrix Gateway?13.1?before?13.1-33.47
  • Citrix ADC and Citrix Gateway?13.0?before?13.0-88.12
  • Citrix ADC and?Citrix?Gateway?12.1?before?12.1.65.21
  • Citrix ADC 12.1-FIPS before 12.1-55.289
  • Citrix ADC 12.1-NDcPP before 12.1-55.289

What’s Happened?

On November 8 Citrix published a security bulletin announcing fixes for 3 vulnerabilities in their Citrix ADC products. CVE-2022-27510 is an authentication bypass weakness allowing unauthenticated user access to the system and has a CVSS severity of 9.8/10. Citrix Gateways are high-value targets because of the function they serve providing access to the inside of your network and are exploited very quickly so organisations operating an impacted product should update these systems immediately.

Key Facts

These vulnerabilities affect Citrix ADC and Citrix Gateway Appliances when they are configured as: SSL VPN, ICA Proxy, RDP Proxy, CVPN and AAA Virtual Server. Citrix-managed cloud services are unaffected.

What You Can Do

  • Any Citrix ADC appliances running 12.1, 13.0 and 13.1 need to be updated to the latest version of the software released on November 8, details available here
  • Implement MFA for all users and administrators logging into the appliance
  • Cythera continues to monitor Endpoint Protect and Managed Detection & Response for associated indicators of attack and port exploitation activities.
  • Cythera Vulnerability Management Clients are actively being scanned for any vulnerable instances of Citrix appliances
  • Consult with Vendors to ensure that their appliances have been patched

Please reach out to us via our contact us page if you are concerned.

Resources

You may be interested in

Veeam Backup and Replication Vulnerability - CVE-2024-40711

Veeam Backup and Replication VulnerabilityCVE ID - CVE-2024-40711CVSS - 9.8/10What Is Vulnerable Veeam Backup & Replication 12.1.2.172 and all …

Read More arrow_forward

3 Ways To Check If Your Corporate Identity Is Being Impersonated Online

A guide to taking the first step towards protecting your brand from online impersonationCybersecurity attacks cost businesses financially, opera…

Read More arrow_forward

How to Optimise the Value of Your MDR Service: A Guide to Understanding MDR Pricing Models

MDR has long been hailed as a proactive alternative to Security Information and Event Management (SIEM) software. But, with such variety availab…

Read More arrow_forward