Citrix has issued a patch for a crucial flaw affecting Citrix ADC and Citrix Gateway, including that the corporate is conscious of assaults in opposition to the vulnerability within the wild.
The vulnerability, tracked underneath CVE-2022-27518, impacts Citrix ADC and Citrix Gateway variations 12.1 (together with FIPS and NDcPP) and 13.0 earlier than 13.0-58.32.
“Both have to be configured with an SAML SP or IdP configuration to be affected,” Citrix famous in its safety update.
The National Security Agency (NSA) issued its personal warning that the China-linked APT5 risk group has been actively focusing on Citrix ADCs to bypass authentication controls to breach organizations. It additionally supplied risk looking steerage for safety groups, and requested for intelligence sharing amongst the private and non-private sectors.
“The indicators and context from this evaluation can be utilized by organizations for defensive functions in opposition to this malicious exercise,” the NSA introduced. “NSA requests that any extra insights and/or discoveries be shared with the NSA Cybersecurity Collaboration Center so as to improve understanding of this exercise and in order that it may be used to enhance the general safety posture of the Defense Industrial Base, DoD, and USG.”