Vulnerabilities in Citrix Gateway and Citrix ADC

Citrix Systems, a multinational company headquartered in Florida, USA, that develops cloud computing and virtualization solutions, recently published a security bulletin describing vulnerabilities that can be used to gain unauthorized access to the device, bypass the brute force protection at login, and perform a remote desktop takeover.

There are three vulnerabilities that affect both Citrix Gateway and Citrix ADC:

  • CVE-2022-27510 allows authentication bypass if the appliance is configured as a VPN.
  • CVE-2022-27513 results from authentication data not being properly verified, so remote desktops can be attacked using phishing. It can be exploited only if the appliance is configured as a VPN and the RDP proxy is enabled.
  • CVE-2022-27516 allows bypassing brute force protection during login. It can be exploited only if the appliance is configured as a VPN or AAA virtual server.

To protect servers that use Citrix, customers should install the latest available updates.

The vulnerable versions include Citrix Gateway and Citrix ADC 12.1 before, 13.0 before 13.0-88.12, and 13.1 before 13.1-33.47. Also vulnerable are Citrix ADC 12.1-FIPS and Citrix ADC 12.1-NDcPP before 12.1-55.289. 

All versions of the products before 12.1 have reached End of Life, so their use is not recommended and they should be updated to the latest version as soon as possible.
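The version rules above can be turned into an inventory check. The following is an added example, not code from Citrix or from this article: the function names, edition labels, hostnames and sample builds are assumptions, and because the article gives no fixed build for standard 12.1, that branch is reported for manual checking against the bulletin.

```python
import re

# Fixed builds exactly as listed in the article, keyed by (release, edition).
# None = the article names the branch but gives no fixed build for it.
FIXED_BUILDS = {
    ("13.1", "standard"): (33, 47),
    ("13.0", "standard"): (88, 12),
    ("12.1", "fips"): (55, 289),   # covers 12.1-FIPS and 12.1-NDcPP
    ("12.1", "standard"): None,
}

def parse_version(text):
    """Split 'release-build' (e.g. '13.0-88.12') into integer tuples."""
    m = re.fullmatch(r"(\d+)\.(\d+)-(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    a, b, c, d = map(int, m.groups())
    return (a, b), (c, d)

def assess(version, edition="standard"):
    """Return 'eol', 'vulnerable', 'patched', 'check-bulletin' or 'unknown'."""
    release, build = parse_version(version)
    if release < (12, 1):
        return "eol"                      # pre-12.1 releases are End of Life
    key = ("%d.%d" % release, edition)
    if key not in FIXED_BUILDS:
        return "unknown"                  # branch not covered by the article
    fixed = FIXED_BUILDS[key]
    if fixed is None:
        return "check-bulletin"
    # Compare as integers: as strings, '88.9' would sort after '88.12'.
    return "vulnerable" if build < fixed else "patched"

if __name__ == "__main__":
    # Constructed inventory (hypothetical hostnames and builds).
    inventory = [
        ("gw-edge-01", "13.1-30.52", "standard"),
        ("gw-edge-02", "13.0-88.9", "standard"),
        ("adc-fips-01", "12.1-55.289", "fips"),
        ("adc-old-01", "11.1-65.0", "standard"),
    ]
    for host, version, edition in inventory:
        print(f"{host:12} {version:12} {assess(version, edition)}")
```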
