
Hackers exploit Citrix ADC and Gateway

Citrix strongly urges admins to apply security updates for a ‘Critical’ zero-day vulnerability (CVE-2022-27518) in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks.

This new vulnerability allows an unauthenticated attacker to execute commands remotely on vulnerable devices and take control over them.

Citrix is warning admins to install the latest update “as soon as possible” as the vulnerability is actively exploited in attacks.

“We are aware of a small number of targeted attacks in the wild using this vulnerability,” mentions Citrix in the security update accompanying the advisory.

“Customers who are using an affected build with a SAML SP or IdP configuration are urged to install the recommended builds immediately as this vulnerability has been identified as critical. No workarounds are available for this vulnerability.” – Citrix.

The vulnerability impacts the following versions of Citrix ADC and Citrix Gateway:

  • Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25
  • Citrix ADC 12.1-FIPS before 12.1-55.291
  • Citrix ADC 12.1-NDcPP before 12.1-55.291

The above versions are impacted only if the appliances are configured as a SAML SP (SAML service provider) or SAML IdP (SAML identity provider).

Administrators can determine whether the device is configured as a SAML SP or IdP by inspecting the “ns.conf” file for either of the following two commands:

add authentication samlAction
add authentication samlIdPProfile

Admins should immediately update their devices if the above configuration operations are found.
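The check above, as an added example that is not part of the original post or of Citrix's advisory: a small POSIX shell script that greps an ns.conf for the two SAML commands and reports which profiles are present. The path /nsconfig/ns.conf in the usage comment is an assumption about where the running configuration lives on the appliance; the sample configurations built by the helper functions are constructed for a stand-alone run and are not real appliance output.

```shell
#!/bin/sh
# Added example (not from the Citrix advisory). Reports whether an ns.conf
# contains the SAML SP / IdP configuration that puts an appliance in scope
# for CVE-2022-27518. Usage: sh check_saml.sh /nsconfig/ns.conf
# (the path is an assumption; use a copy of the running config if preferred).

# saml_in_scope FILE
# Returns 0 when at least one "add authentication samlAction" or
# "add authentication samlIdPProfile" line is present (appliance in scope),
# 1 otherwise. Matching lines are printed so the admin can see the profiles.
saml_in_scope() {
    conf="$1"
    if [ ! -r "$conf" ]; then
        printf 'cannot read %s\n' "$conf" >&2
        return 2
    fi
    matches=$(grep -E '^add authentication (samlAction|samlIdPProfile) ' "$conf")
    if [ -n "$matches" ]; then
        printf 'SAML SP/IdP configuration found in %s (appliance in scope):\n%s\n' \
            "$conf" "$matches"
        return 0
    fi
    printf 'No SAML SP/IdP configuration in %s\n' "$conf"
    return 1
}

# Constructed sample: a config with a SAML SP action (in scope).
sample_saml_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
add authentication ldapAction ldap_corp -serverIP 192.0.2.20 -ldapBase "dc=example,dc=test"
add authentication samlAction saml_sp_corp -samlIdPCertName idp_cert -samlRedirectUrl "https://idp.example.test/sso"
add authentication Policy pol_saml -rule true -action saml_sp_corp
EOF
    printf '%s' "$f"
}

# Constructed sample: LDAP-only config with no SAML commands (not in scope).
sample_plain_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
add authentication ldapAction ldap_corp -serverIP 192.0.2.20 -ldapBase "dc=example,dc=test"
add authentication Policy pol_ldap -rule true -action ldap_corp
EOF
    printf '%s' "$f"
}

# When given a path, run the check on it; with no arguments only define functions.
if [ "$#" -gt 0 ]; then
    saml_in_scope "$1"
fi
```

A return code of 0 means the appliance is in the affected configuration and should be updated immediately if it runs one of the builds listed above; the script does not check the build number itself, so pair it with the version information from the appliance.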

Citrix ADC and Citrix Gateway version 13.1 are not affected by CVE-2022-27518, so upgrading to it solves the security problem.

Those using older versions are recommended to upgrade to the latest available build for the 12.1 branch (12.1-65.25) or the 13.0 branch (13.0-88.16).

Also, those running Citrix ADC FIPS and Citrix ADC NDcPP should upgrade to version 12.1-55.291 or later.

Those using Citrix-managed cloud services don’t have to take any action, as the vendor has already taken the appropriate remediation steps.

Additionally, system admins are urged to consult Citrix’s “best practices” for ADC appliances and implement the vendor’s security recommendations.


For more information, read the original post here
