Skip to main content

Citrix Products Remote Code Execution Vulnerability

Release Date: 14 Dec 2022 6766 Views

RISK: Extremely High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability was identified in Citrix Products. A remote attacker could exploit a vulnerability to trigger remote code execution on the targeted system.

 

Note:

CVE-2022-27518 is being exploited in the wild. If exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance. 


Impact

  • Remote Code Execution

System / Technologies affected

  • Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32 

  • Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25 

  • Citrix ADC 12.1-FIPS before 12.1-55.291 

  • Citrix ADC 12.1-NDcPP before 12.1-55.291

 

Please refer to the link below for detail:


Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

  • Citrix ADC and Citrix Gateway 13.0-58.32 and later releases 

  • Citrix ADC and Citrix Gateway 12.1-65.25 and later releases of 12.1 

  • Citrix ADC 12.1-FIPS 12.1-55.291 and later releases of 12.1-FIPS  

  • Citrix ADC 12.1-NDcPP 12.1-55.291 and later releases of 12.1-NDcPP 

Please note that Citrix ADC and Citrix Gateway versions prior to 12.1 are EOL and customers on those versions are recommended to upgrade to one of the supported versions. 


Vulnerability Identifier


Source


Related Link