Critical Vulnerability CVE-2022-27518 in Citrix ADC and Gateway

Sicherheit (Pexels, allgemeine Nutzung)[German]Citrix has informed about a critical vulnerability CVE-2022-27518 in its products Citrix ADC and Citrix Gateway. This affects versions: 12.1 (including FIPS and NDcPP) and 13.0 before 13.0-58.32 of Citrix ADC and Citrix Gateway. However, both products are only affected if they are running with a SAML SP or IdP configuration. Citrix has released updates to close the vulnerability.


Advertising

Citrix has discovered vulnerability CVE-2022-27518 in Citrix ADC and Citrix Gateway 12.1 and 13.0 before 13.0-58.32 builds as part of internal reviews and through cooperation from security partners. It is an authentication vulnerability that allows remote code execution (RCE). This vulnerability has been rated critical by Citrix, according to the company's blog and security bulletin CTX474995.

Citrix ADC and Gateway vulnerability CVE-2022-27518

Citrix states that there are a small number of targeted attacks that exploit this vulnerability. The vendor recommends that customers running the following products or software versions with a SAML SP or IdP configuration patch immediately with the provided security updates. The following supported versions of Citrix ADC and Citrix Gateway are affected by this vulnerability:

  • Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25
  • Citrix ADC 12.1-FIPS before 12.1-55.291
  • Citrix ADC 12.1-NDcPP before 12.1-55.291

Citrix ADC and Citrix Gateway version 13.1 are not affected. Customers of a Citrix-managed cloud service or a Citrix-managed Adaptive Authentication customer do not need to take any action. Customers who self-manage their Citrix ADC or Citrix Gateway appliances and are affected need to install the updates mentioned below (are linked here).

  • Citrix ADC and Citrix Gateway 13.0-58.32 and later versions
  • Citrix ADC and Citrix Gateway 12.1-65.25 and later versions of 12.1
  • Citrix ADC 12.1-FIPS 12.1-55.291 and later versions of 12.1-FIPS
  • Citrix ADC 12.1-NDcPP 12.1-55.291 and later versions of 12.1-NDcPP

Citrix also provides instructions on how to check if their Citrix ADC or Citrix Gateway is configured as a SAML SP or SAML IdP. To do this, look in the ns.conf file for the following commands:


Advertising

add authentication samlAction

Then the appliance is configured as SAML SP. With the following command:

add authentication samlIdPProfile

the appliance is configured as a SAML IdP. If either command is present in the ns.conf file and the software has one of the affected version numbers listed above, the appliance must be updated. The US National Security Agency (NSA) has published this document (PDF) to find out if the appliance may have already been compromised.


Advertising

This entry was posted in Security, Software, Update and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).