Organizations should update as soon as possible. If past is precedent, new CVE-2022-27510 flaw could be heavily targeted [286 words].
What: A critical authentication bypass vulnerability (CVE-2022-27510) is present in multiple versions of Citrix Application Delivery Controller (ADC) and Citrix Gateway products. The vulnerability has a severity rating of 9.8 and gives attackers a way to execute authentication bypass using an alternate path or channel. The vulnerability affects products that are configured as a VPN or as a proxy with authentication.
The following products are affected.
- Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47
- Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12
- Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21
- Citrix ADC 12.1-FIPS before 12.1-55.289
- Citrix ADC 12.1-NDcPP before 12.1-55.289
Citrix has recommended that organizations using these products immediately install updated versions of Citrix ADC or Citrix Gateway.
Why it matters: Attackers like targeting Citrix flaws. One example is CVE-2019-19781, a critical path traversal vulnerability inCitrix Application Delivery Controller, Gateway, and SD-WAN WANOP. Citrix disclosed the vulnerability along with mitigation advise on December 17, 2019. Exploits for the flaw became available by January 2020 and multiple attackers including groups from China and Iran were reported as targeting the flaw. It remains one of the most frequently abused CVEs among Chinse state-sponsored threat actors since 2020, according to CISA.
The two other vulnerabilities: Citrix disclosed two other flaws in Citrix Gateway and Citrix ADC on Nov. 8th
- An insufficient verification of data authenticity issue that allows remote desktop takeover via phishing (CVE-2022-27513)
- A protection mechanism failure flaw that allows threat actors to bypass brute-force login attack protection mechanisms (CVE-2022-27516)
The details:
Citrix vulnerability disclosure
Tenable blog: CVE-2022-27510: Critical Citrix ADC and Gateway Authentication Bypass Vulnerability