Citrix Systems, a multinational cloud computing and virtualization vendor headquartered in Florida, USA, recently published a security bulletin describing vulnerabilities that can be used to gain unauthorized access to the appliance, bypass brute-force protection at login, and take over remote desktop sessions.
There are three vulnerabilities that affect both Citrix Gateway and Citrix ADC:
- CVE-2022-27510 allows authentication to be bypassed. It can be exploited only if the appliance is configured as a VPN (Gateway).
- CVE-2022-27513 stems from insufficient verification of data authenticity and lets an attacker take over a remote desktop session via phishing. It can be exploited only if the appliance is configured as a VPN and the RDP proxy functionality is enabled.
- CVE-2022-27516 allows the user-login brute-force protection to be bypassed. It can be exploited only if the appliance is configured as a VPN or as an AAA virtual server with the "Max Login Attempts" setting configured.
To protect appliances running these products, customers should install the latest available updates.
The vulnerable versions are Citrix Gateway and Citrix ADC 12.1 before 12.1-65.21, 13.0 before 13.0-88.12, and 13.1 before 13.1-33.47. Citrix ADC 12.1-FIPS and Citrix ADC 12.1-NDcPP before 12.1-55.289 are also vulnerable.
All versions of these products before 12.1 have reached End of Life: they are no longer supported, should not be used, and should be upgraded to the latest version as soon as possible.
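To turn the version list above into an inventory check, here is an added example in Python (not code from Citrix or from the bulletin). It parses a build string such as `13.0-88.12`, compares it against the first fixed build of its branch, treats anything before 12.1 as End of Life, and flags branches the bulletin does not list. The `show ns version` line it extracts the build from is a constructed sample, and the exact format of that CLI output is an assumption.

```python
import re
from typing import Tuple

# First non-vulnerable build per branch, as quoted in the bulletin above.
# The FIPS and NDcPP keys are the 12.1 hardened variants.
FIXED_BUILDS = {
    "12.1": "12.1-65.21",
    "13.0": "13.0-88.12",
    "13.1": "13.1-33.47",
    "12.1-FIPS": "12.1-55.289",
    "12.1-NDcPP": "12.1-55.289",
}

# Build strings look like "<major>.<minor>-<build>.<patch>", e.g. 13.1-33.47
_BUILD_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")

# Assumed format of a "show ns version" line, e.g.
# "NetScaler NS13.0: Build 88.12.nc, Date: ...". Only the version and build
# numbers are used; the trailing ".nc" and date are ignored.
_SHOW_VERSION_RE = re.compile(r"NS(\d+\.\d+): Build (\d+\.\d+)")


def parse_build(build: str) -> Tuple[int, int, int, int]:
    """Parse '13.0-88.12' into (13, 0, 88, 12) so builds compare as tuples."""
    m = _BUILD_RE.match(build.strip())
    if not m:
        raise ValueError(f"unrecognised build string: {build!r}")
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]


def build_from_show_version(line: str) -> str:
    """Extract a normalised build string from a 'show ns version' line (format assumed)."""
    m = _SHOW_VERSION_RE.search(line)
    if not m:
        raise ValueError(f"no NetScaler version found in: {line!r}")
    return f"{m.group(1)}-{m.group(2)}"


def assess(build: str, variant: str = "") -> str:
    """Classify a build as 'end-of-life', 'vulnerable', 'fixed' or 'not-listed'.

    variant is '' for a standard build, or 'FIPS' / 'NDcPP' for the 12.1
    hardened builds, which have their own fixed build number.
    """
    parsed = parse_build(build)
    major, minor = parsed[0], parsed[1]
    if (major, minor) < (12, 1):
        # Anything before 12.1 is End of Life and gets no fix at all.
        return "end-of-life"
    key = f"{major}.{minor}-{variant}" if variant else f"{major}.{minor}"
    if key not in FIXED_BUILDS:
        # Branch/variant not covered by this bulletin (e.g. a newer release).
        return "not-listed"
    return "fixed" if parsed >= parse_build(FIXED_BUILDS[key]) else "vulnerable"


if __name__ == "__main__":
    # Constructed sample line; the real output format is assumed.
    sample = "NetScaler NS13.0: Build 87.9.nc, Date: Sep 1 2022, 10:00:00   (64-bit)"
    build = build_from_show_version(sample)
    print(build, assess(build))  # 13.0-87.9 vulnerable
```

Pass `variant="FIPS"` or `variant="NDcPP"` for the hardened 12.1 images, since a 12.1-55.x build is fixed for those variants but would be flagged as vulnerable if compared against the standard 12.1 threshold.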