Citrix ADC and Citrix Gateway Vulnerabilities Exploited in Targeted Attacks

Citrix recently released builds to fix CVE-2022-27518, which affects Citrix ADC and Citrix Gateway versions 12.1 and 13.0 before 13.0-58.32. Citrix has identified the vulnerability as critical (CTX474995), and customers who are using an affected build with a SAML SP or IdP configuration are urged to install the recommended builds immediately. No workarounds are available.

In this blog post, we will discuss the threat, why it is noteworthy, the exposure or risk, and recommendations to mitigate the vulnerability.

What is the Threat?

Citrix has identified vulnerabilities in Citrix ADC and Citrix Gateway 12.1 and 13.0 builds before 13.0-58.32. Citrix has identified these vulnerabilities as critical, and a malicious actor can exploit them against ADC and Gateway. The National Security Agency (NSA) has also released a Cybersecurity Advisory (CSA) with detection and mitigation guidance for these tools.

Why is it Noteworthy?

A malicious actor can exploit the vulnerabilities in Citrix ADC and Citrix Gateway to gain unauthorized access to ADC and Gateway devices. This can lead to data breaches and other security incidents.

What is the Exposure or Risk?

Customers who are using an affected build with a SAML SP or IdP configuration are at risk of unauthorized access to ADC and Gateway devices. This can lead to data breaches and other security incidents.
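The exposure condition above (affected build plus a SAML SP or IdP configuration) can be triaged from a copy of the appliance's ns.conf and its version string. The following is an added example, not code from Citrix or from this post; it assumes the NetScaler CLI commands `add authentication samlAction` (SAML SP) and `add authentication samlIdPProfile` (SAML IdP) mark the two roles, uses only the 13.0-58.32 threshold given in this post, and its function names, verdict labels and sample configuration are constructed for illustration.

```python
import re

# Constructed sample ns.conf lines (not from a real appliance).
SAMPLE_CONF = '''\
add authentication samlAction sp_action1 -samlIdPCertName idp_cert
add authentication samlIdPProfile "idp profile 1" -samlSPCertName sp_cert
add lb vserver web_vs HTTP 192.0.2.10 80
# add authentication samlAction old_sp
'''

# NetScaler CLI commands that define a SAML SP or SAML IdP (assumption, see lead-in).
ROLE = {"samlaction": "SAML SP", "samlidpprofile": "SAML IdP"}
CMD_RE = re.compile(
    r'^\s*add\s+authentication\s+(samlAction|samlIdPProfile)\s+("[^"]+"|\S+)', re.I)
FIXED_13_0 = (58, 32)  # from the page: 13.0 before 13.0-58.32 is affected

def saml_roles(ns_conf):
    """Return {role: [entity names]} for SAML SP/IdP definitions in ns.conf text."""
    roles = {}
    for line in ns_conf.splitlines():
        m = CMD_RE.match(line)  # commented-out lines start with '#' and do not match
        if m:
            roles.setdefault(ROLE[m.group(1).lower()], []).append(m.group(2).strip('"'))
    return roles

def parse_build(version):
    """'NS13.0: Build 52.24.nc' or '13.0-52.24' -> ((13, 0), (52, 24))."""
    m = re.search(r"(\d+)\.(\d+)\D+?(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    a, b, c, d = map(int, m.groups())
    return (a, b), (c, d)

def triage(version, ns_conf):
    """Combine build and SAML role checks into one verdict (hypothetical labels)."""
    release, build = parse_build(version)
    roles = saml_roles(ns_conf)
    if release == (13, 0):
        affected = build < FIXED_13_0
    elif release == (13, 1):
        affected = False   # the page states 13.1 is not affected
    else:
        affected = None    # page gives no fixed build number for this release
    if affected is None:
        verdict = "CHECK BULLETIN"
    elif not affected:
        verdict = "OK"
    else:
        verdict = "PATCH NOW" if roles else "UPDATE"
    return {"release": release, "build": build, "saml_roles": roles, "verdict": verdict}
```

A "CHECK BULLETIN" verdict means the fixed build for that release has to be taken from CTX474995, since this post does not state it.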

What are the Recommendations?

All customers using the affected builds should either update to the current 12.1 build (including FIPS and NDcPP variants) or to the current 13.0 build (13.0-88.16). Customers using an affected build with a SAML SP or IdP configuration are urged to install the current build immediately. As an alternative, customers may upgrade to the 13.1 version, which is not affected. Customers who are running affected builds can set up audit logging to monitor for unauthorized activity on ADC or Gateway devices. Customers using Citrix ADC or Citrix Gateway instances on an SDX platform will need to upgrade VPX instances. It is also recommended to follow the Citrix ADC secure configuration and deployment guide, available at https://docs.citrix.com/en-us/citrix-adc-secure-deployment.html.
