Citrix Releases Security Updates in Citrix Gateway and Citrix ADC for CVE-2022-27518
Summary
Citrix have released an advisory for a vulnerability that an unauthenticated, remote attacker could exploit to perform arbitrary code execution on the appliance.
Affected platforms
The following platforms are known to be affected:
Threat details
Additional information regarding vulnerable versions
- The security update applies to customer-managed Citrix ADC and Citrix Gateway appliances. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication do not need to take any action.
- Citrix Gateway and Citrix Application Delivery Controller (ADC) version 13.1 is unaffected.
- Please note that Citrix ADC and Citrix Gateway versions prior to 12.1 are end-of-life (EOL) and are therefore not assessed for current vulnerabilities.
Introduction
Citrix has released a security update to address an unauthenticated remote arbitrary code execution vulnerability known as CVE-2022-27518, which affects Citrix ADC and Citrix Gateway.
A condition of this vulnerability is that Citrix ADC or Citrix Gateway must be configured as a Security Assertion Markup Language (SAML) Service Provider (SP) or a SAML Identity Provider (IdP). Citrix provides information on how to determine if an appliance is being used for either of those purposes.
An attacker could exploit this vulnerability to take control of an affected system.
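The SAML SP / IdP condition described above can be checked against a saved copy of an appliance's ns.conf. The following is an added example, not code from Citrix or from this advisory: it assumes that the SP and IdP roles appear in ns.conf as `add authentication samlAction` and `add authentication samlIdPProfile` commands, and the sample configuration, names and addresses in it are constructed.

```python
import shlex

# Assumption: these NetScaler CLI entity types mark the two SAML roles.
SAML_ROLES = {
    "samlaction": "SAML SP",
    "samlidpprofile": "SAML IdP",
}

# Constructed sample ns.conf content (not taken from a real appliance).
SAMPLE_NS_CONF = """\
set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
add authentication samlAction "corp sp" -samlIdPCertName idp_cert -samlRedirectUrl "https://idp.example.test/sso"
add authentication samlIdPProfile idp_prof1 -samlSPCertName sp_cert -assertionConsumerServiceURL "https://app.example.test/acs"
# add authentication samlAction disabled_sp
add authentication ldapAction ldap1 -serverIP 192.0.2.20
"""


def saml_roles(ns_conf_text):
    """Return {role: [entity names]} for SAML entities defined in ns.conf text."""
    found = {}
    for raw in ns_conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out commands do not count
        try:
            tokens = shlex.split(line)  # keeps quoted names such as "corp sp" whole
        except ValueError:
            tokens = line.split()  # unbalanced quotes: fall back to plain split
        if len(tokens) < 4:
            continue
        verb, group, entity, name = tokens[:4]
        if verb.lower() != "add" or group.lower() != "authentication":
            continue
        role = SAML_ROLES.get(entity.lower())  # CLI keywords are matched case-insensitively
        if role:
            found.setdefault(role, []).append(name)
    return found


def needs_saml_review(ns_conf_text):
    """True when the configuration defines at least one SAML SP or IdP entity."""
    return bool(saml_roles(ns_conf_text))


if __name__ == "__main__":
    for role, names in saml_roles(SAMPLE_NS_CONF).items():
        print(f"{role}: {', '.join(names)}")
```

An appliance that reports either role still has to be checked against the affected versions in Citrix Security Bulletin CTX474995 before deciding whether the update applies.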
Exploitation in the wild
Citrix has acknowledged a small number of targeted attacks in the wild using this vulnerability in its blog post "Critical security update now available for Citrix ADC, Citrix Gateway". Citrix is sharing only limited technical details to protect customers from exploits.
The US National Security Agency (NSA) has released a Cybersecurity Advisory (CSA) with detection and mitigation guidance for tools leveraged by a malicious advanced persistent threat group against ADC and Gateway. The NSA Cybersecurity Advisory is available at https://media.defense.gov/2022/Dec/13/2003131586/-1/-1/0/CSA-APT5-CITRIXADC-V1.PDF.
Remediation advice
Affected organisations must review Citrix Security Bulletin CTX474995, apply the relevant updates, and follow the recommended steps in the Citrix blog post "Critical security update now available for Citrix ADC, Citrix Gateway".
Definitive source of threat updates
- https://support.citrix.com/article/CTX474995/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227518
- https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/
- https://media.defense.gov/2022/Dec/13/2003131586/-1/-1/0/CSA-APT5-CITRIXADC-V1.PDF
Last edited: 13 December 2022 3:53 pm