Vulnerability Alert - Citrix
A security advisory was published about a critical RCE vulnerability (CVE-2022-27518) that affects Citrix Gateway and Citrix ADC. Versions 13.1 Citrix ADC and Citrix Gateway are not affected.
There is a pre-condition for this vulnerability to be exploited — Citrix ADC or Citrix Gateway must be configured as a Security Assertion Markup Language (SAML) service provider (SP) or a SAML identity provider (IdP).
Please note that this vulnerability is being actively exploited in the wild.
A remote unauthenticated attacker could execute arbitrary code.
It is recommended to upgrade the products:
- Citrix ADC and Citrix Gateway 12.1-65.25 or latest version;
- Citrix ADC and Citrix Gateway 13.0-58.32 or latest version;
- Citrix ADC 12.1-FIPS 12.1-55.291 or latest version;
- Citrix ADC 12.1-NDcPP 12.1-55.291 or latest version.
NSA published a guide [2] that helps identifying compromised Citrix ADC.