Critical RCE Alarm on Citrix ADC and Citrix Gateway

A critical security vulnerability has been identified in the Citrix ADC and Citrix Gateway network solutions that could allow threat actors to achieve remote code execution on affected installations.

The security vulnerability, tracked as CVE-2022-27518, is caused by incorrect access restrictions on systems configured as SAML SP or SAML IdP. An unauthenticated, remote threat actor can gain unauthorized access to the system and execute arbitrary code.

The following supported versions of Citrix ADC and Citrix Gateway are affected by this vulnerability:

  • Citrix ADC and Citrix Gateway 13.0, before 13.0-58.32
  • Citrix ADC and Citrix Gateway 12.1, before 12.1-65.25
  • Citrix ADC 12.1-FIPS, before 12.1-55.291
  • Citrix ADC 12.1-NDcPP, before 12.1-55.291

Citrix ADC and Citrix Gateway version 13.1 are not affected by the vulnerability. In addition, the vulnerability is actively exploited by threat actors. The following commands indicate whether the Citrix ADC or Citrix Gateway is configured as a SAML SP or SAML IdP. If either of these commands is present in the ns.conf file and the version is affected, the installation needs to be updated:

  • add authentication samlIdPProfile
  • add authentication samlAction
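
The check described above can be scripted. The following Python is an added example, not code from Citrix or from the original page: it searches the text of ns.conf for either command and compares a build string against the fixed builds listed on this page. The function names, the `edition` parameter, the `branch-build` version string format and the sample configuration are assumptions made for illustration.

```python
import re

# First unaffected build per (release branch, edition), from the list on this page.
FIXED_BUILDS = {
    ("13.0", "standard"): (58, 32),
    ("12.1", "standard"): (65, 25),
    ("12.1", "FIPS"): (55, 291),
    ("12.1", "NDcPP"): (55, 291),
}
NOT_AFFECTED_BRANCHES = {"13.1"}  # stated as not affected on this page

# Matches the two ns.conf commands; lines commented out with '#' do not match.
SAML_COMMAND = re.compile(
    r"^[ \t]*add[ \t]+authentication[ \t]+(samlAction|samlIdPProfile)\b",
    re.IGNORECASE | re.MULTILINE,
)

def saml_commands(ns_conf_text):
    """Return the sorted, lower-cased SAML command names found in ns.conf text."""
    return sorted({m.group(1).lower() for m in SAML_COMMAND.finditer(ns_conf_text)})

def is_affected_build(version, edition="standard"):
    """True/False for listed branches, None when this page gives no data."""
    m = re.fullmatch(r"(\d+\.\d+)-(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    branch, build = m.group(1), (int(m.group(2)), int(m.group(3)))
    if branch in NOT_AFFECTED_BRANCHES:
        return False
    fixed = FIXED_BUILDS.get((branch, edition))
    return None if fixed is None else build < fixed

def needs_update(version, ns_conf_text, edition="standard"):
    """Affected build AND configured as SAML SP or SAML IdP."""
    return is_affected_build(version, edition) is True and bool(saml_commands(ns_conf_text))

# Constructed sample configuration (object names are made up).
SAMPLE_NS_CONF = """\
add authentication ldapAction example_ldap
add authentication samlAction example_saml_sp
# add authentication samlIdPProfile example_disabled_idp
"""

if __name__ == "__main__":
    print(saml_commands(SAMPLE_NS_CONF))
    print(needs_update("13.0-58.30", SAMPLE_NS_CONF))
```

A `None` result from `is_affected_build` means the branch or edition is not in the list on this page, so the check gives no verdict for it.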

Users running vulnerable versions and configurations are advised to apply the published updates immediately to avoid becoming the target of attacks that exploit the vulnerability. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication do not need to take any action regarding the vulnerability.