- 258/2022
- Critical
Citrix has released security updates for Citrix ADC and Citrix Gateway to fix multiple vulnerabilities.
The severity of the addressed vulnerabilities could allow the remote attacker could exploit these vulnerabilities to take over the administrator’s account, take control of the affected system or bypass the security.
Sample of the addressed vulnerabilities:
- Citrix ADC and Citrix Gateway brute force (CVE-2022-27516):
- CVSS: 10
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
- Citrix ADC and Citrix Gateway open redirect (CVE-2022-27513):
- CVSS: 7.4
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
The affected versions of Citrix ADC and Citrix Gateway:
- Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47
- Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12
- Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21
- Citrix ADC 12.1-FIPS before 12.1-55.289
- Citrix ADC 12.1-NDcPP before 12.1-55.289
Vulnerabilities
- CVE-2022-27510
- CVE-2022-27513
- CVE-2022-27516
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.
Citrix Security Update