Active Exploitation of Zero-day Vulnerability in Citrix ADC and Citrix Gateway

Published on 14 Dec 2022

Updated on 14 Dec 2022

Citrix has released security updates to address a zero-day vulnerability (CVE-2022-27518) in their Citrix Application Delivery Controller (ADC) and Citrix Gateway products. The vulnerability is reportedly being actively exploited.

The vulnerability affects appliances that are configured as a Security Assertion Markup Language (SAML) Service Provider (SP) or Identity Provider (IdP). Successful exploitation could allow an unauthenticated attacker to execute commands remotely on vulnerable devices and take control of them.

The following versions of Citrix ADC and Citrix Gateway are affected by this vulnerability:

  • Citrix ADC and Citrix Gateway 13.0 before version 13.0-58.32
  • Citrix ADC and Citrix Gateway 12.1 before version 12.1-65.25
  • Citrix ADC 12.1-FIPS before version 12.1-55.291
  • Citrix ADC 12.1-NDcPP before version 12.1-55.291

Administrators and users of affected product versions are advised to upgrade to the latest versions immediately.
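
The following is an added example, not code from Citrix or from this advisory, that triages an appliance inventory against the version list above and the SAML condition. It assumes version strings in the advisory's `13.0-58.32` form and that SAML SP and IdP roles appear in ns.conf as `add authentication samlAction` and `add authentication samlIdPProfile`; the inventory, host names and edition labels are constructed.

```python
import re

# Fixed builds from the advisory's list, keyed by (branch, edition).
FIXED = {
    ("13.0", "standard"): (58, 32),
    ("12.1", "standard"): (65, 25),
    ("12.1", "fips"): (55, 291),
    ("12.1", "ndcpp"): (55, 291),
}
# Assumption: these ns.conf commands define a SAML SP and a SAML IdP respectively.
SAML_RE = re.compile(
    r"^\s*add\s+authentication\s+(samlAction|samlIdPProfile)\b", re.I | re.M)

def parse_version(text):
    """Split '13.0-58.32' into ('13.0', (58, 32)) so builds compare numerically."""
    m = re.fullmatch(r"(\d+\.\d+)-(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def version_affected(version, edition="standard"):
    """True if the build is below the fixed build for a branch the advisory lists."""
    branch, build = parse_version(version)
    fixed = FIXED.get((branch, edition.lower()))
    return fixed is not None and build < fixed

def saml_roles(ns_conf):
    """Return the SAML roles ('SP', 'IdP') found in the configuration text."""
    return {"SP" if m.group(1).lower() == "samlaction" else "IdP"
            for m in SAML_RE.finditer(ns_conf)}

def triage(appliance):
    """Combine the version check with the SAML condition the advisory describes."""
    affected = version_affected(appliance["version"], appliance.get("edition", "standard"))
    if not affected:
        return "not listed as affected"
    roles = saml_roles(appliance.get("ns_conf", ""))
    return "exposed: SAML " + "+".join(sorted(roles)) if roles else "affected build, no SAML role found"

# Constructed inventory; host names, builds and configuration lines are illustrative only.
INVENTORY = [
    {"host": "adc-a", "version": "13.0-58.30", "ns_conf": "add authentication samlAction example_sp\n"},
    {"host": "adc-b", "version": "12.1-55.290", "edition": "FIPS", "ns_conf": "add authentication samlIdPProfile example_idp\n"},
    {"host": "adc-c", "version": "12.1-64.17", "ns_conf": "add authentication ldapAction example_ldap\n"},
    {"host": "adc-d", "version": "13.0-58.32", "ns_conf": "add authentication samlAction example_sp\n"},
]

if __name__ == "__main__":
    for a in INVENTORY:
        print(a["host"], a["version"], "->", triage(a))
```

A result of "not listed as affected" only means the build falls outside the four ranges above; it says nothing about branches the advisory does not mention.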

More information is available at:

https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/

https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-citrix-adc-and-gateway-zero-day-patch-now//