CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2022-27518

CVSS 9.8v3.1pub. 2022-12-13upd. 2026-02-25

Unauthenticated remote arbitrary code execution

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Citrix Application Delivery Controller

    HW
    Citrix
    wszystkie wersje
  • Citrix Application Delivery Controller Firmware

    OS
    Citrix
    12.1 – 12.1-65.25 (bez)13.0 – 13.0-58.32 (bez)12.1 – 12.1-55.291 (bez)
  • Citrix Gateway

    HW
    Citrix
    wszystkie wersje
  • Citrix Gateway Firmware

    OS
    Citrix
    12.1 – 12.1-65.25 (bez)13.0 – 13.0-58.32 (bez)

CISA KEV — detailsi

Vendori
Citrix
Producti
Application Delivery Controller (ADC) and Gateway
Added to KEVi
December 13, 2022
Remediation deadline (US Federal)i
January 3, 2023(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 3 stycznia 2023
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2019-19781CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, an...

CVE-2022-27510CRITICAL9.8ten sam produkt

Unauthorized access to Gateway user capabilities

CVE-2019-18225CRITICAL9.8ten sam produkt

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11...

CVE-2018-7218CRITICAL9.8ten sam produkt

The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 b...

CVE-2022-27508HIGH7.5ten sam produkt

Unauthenticated denial of service