Unauthenticated remote arbitrary code execution
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCitrix Application Delivery Controller
HWCitrixwszystkie wersjeCitrix Application Delivery Controller Firmware
OSCitrix12.1 – 12.1-65.25 (bez)13.0 – 13.0-58.32 (bez)12.1 – 12.1-55.291 (bez)Citrix Gateway
HWCitrixwszystkie wersjeCitrix Gateway Firmware
OSCitrix12.1 – 12.1-65.25 (bez)13.0 – 13.0-58.32 (bez)
CISA KEV — detailsi
- Vendori
- Citrix ↗
- Producti
- Application Delivery Controller (ADC) and Gateway
- Added to KEVi
- December 13, 2022
- Remediation deadline (US Federal)i
- January 3, 2023(overdue)
Required action (CISA)i
Apply updates per vendor instructions.
CISA descriptioni
Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator.
🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
⏰CISA DEADLINE: 3 stycznia 2023
Tags
RCE
Related vulnerabilities
CVE-2019-19781CRITICAL9.8⚠ KEVten sam produkt
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, an...
CVE-2022-27510CRITICAL9.8ten sam produkt
Unauthorized access to Gateway user capabilities
CVE-2019-18225CRITICAL9.8ten sam produkt
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11...
CVE-2018-7218CRITICAL9.8ten sam produkt
The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 b...
CVE-2022-27508HIGH7.5ten sam produkt
Unauthenticated denial of service