Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products

Citrix has released security updates to address a critical authentication bypass flaw in the application delivery controller (ADC) and Gateway products that could be exploited to take control of affected systems.

Successful exploitation of the issues could allow an adversary to gain authorized access, perform remote desktop takeover, and even circumvent defenses against login brute-force attempts under specific configurations.

  • CVE-2022-27510 – Unauthorized access to Gateway user capabilities
  • CVE-2022-27513 – Remote desktop takeover via phishing
  • CVE-2022-27516 – User login brute-force protection functionality bypass

The following supported versions of Citrix ADC and Citrix Gateway are affected by the flaws:

  • Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47
  • Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12
  • Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21
  • Citrix ADC 12.1-FIPS before 12.1-55.289
  • Citrix ADC 12.1-NDcPP before 12.1-55.289

Exploitation, however, banks on the prerequisite that the appliances are either configured as a VPN (Gateway) or, alternatively, an authentication, authorization and accounting (AAA) virtual server in the case of CVE-2022-27516.


On top of that, CVE-2022-27513 and CVE-2022-27516 also apply only when the RDP proxy feature and the user lockout functionality “Max Login Attempts” are set up, respectively.
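
An added example, not from Citrix or the original article: a Python triage helper that checks an appliance's build against the fixed builds listed above and, for unpatched builds, reports which of the three CVEs apply given the configuration prerequisites. The function names, edition labels and configuration flags are assumptions for illustration, and the mapping of prerequisites to CVEs is this example's reading of the two preceding paragraphs.

```python
import re

# First fixed build per (release, edition), from the affected-versions list above.
FIXED = {
    ("13.1", "standard"): (33, 47),
    ("13.0", "standard"): (88, 12),
    ("12.1", "standard"): (65, 21),
    ("12.1", "FIPS"): (55, 289),
    ("12.1", "NDcPP"): (55, 289),
}

def parse_version(text):
    """Split '13.1-33.47' or '12.1.65.21' into ('13.1', (33, 47))."""
    m = re.fullmatch(r"\s*(\d+\.\d+)[-.](\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def is_patched(version, edition="standard"):
    """True/False for listed branches; None if the branch is not in the list."""
    release, build = parse_version(version)
    fixed = FIXED.get((release, edition))
    if fixed is None:
        return None
    # Compare as integer tuples: build 33.5 is older than 33.47.
    return build >= fixed

def applicable_cves(version, edition="standard", gateway=False,
                    aaa_vserver=False, rdp_proxy=False, max_login_attempts=False):
    """CVEs still relevant to one appliance; None if the branch is unlisted."""
    patched = is_patched(version, edition)
    if patched is None:
        return None
    cves = []
    if not patched:
        if gateway:
            cves.append("CVE-2022-27510")
        if gateway and rdp_proxy:
            cves.append("CVE-2022-27513")
        if (gateway or aaa_vserver) and max_login_attempts:
            cves.append("CVE-2022-27516")
    return cves

if __name__ == "__main__":
    # Constructed inventory rows, not real appliances.
    print(applicable_cves("13.1-33.5", gateway=True, rdp_proxy=True))
    print(applicable_cves("12.1-55.289", "FIPS", aaa_vserver=True, max_login_attempts=True))
```

A `None` result means the release branch is not in the article's list, so it needs checking against the vendor advisory rather than being treated as safe.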

The cloud computing and virtualization technology company said that no action is required from customers relying on cloud services managed directly by Citrix.

Jarosław Jahrek Kamiński, a researcher at Polish penetration testing firm Securitum, has been credited with discovering and reporting the vulnerabilities.

“Affected customers of Citrix ADC and Citrix Gateway are recommended to install the relevant updated versions of Citrix ADC or Citrix Gateway as soon as possible,” Citrix said in an advisory.
