[German]Citrix has issued an advisory about a critical vulnerability, CVE-2022-27518, in its products Citrix ADC and Citrix Gateway. The affected versions are 12.1 (including the FIPS and NDcPP builds) and 13.0 before 13.0-58.32 of Citrix ADC and Citrix Gateway. However, both products are only affected if they are running with a SAML SP or IdP configuration. Citrix has released updates to close the vulnerability.
Citrix has discovered vulnerability CVE-2022-27518 in Citrix ADC and Citrix Gateway 12.1 and 13.0 before 13.0-58.32 builds as part of internal reviews and through cooperation from security partners. It is an authentication vulnerability that allows remote code execution (RCE). This vulnerability has been rated critical by Citrix, according to the company's blog and security bulletin CTX474995.

Citrix states that a small number of targeted attacks exploiting this vulnerability have been observed. The vendor recommends that customers running the following products or software versions with a SAML SP or IdP configuration patch immediately with the provided security updates. The following supported versions of Citrix ADC and Citrix Gateway are affected by this vulnerability:
- Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32
- Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25
- Citrix ADC 12.1-FIPS before 12.1-55.291
- Citrix ADC 12.1-NDcPP before 12.1-55.291
Citrix ADC and Citrix Gateway version 13.1 are not affected. Customers of a Citrix-managed cloud service or of Citrix-managed Adaptive Authentication do not need to take any action. Customers who self-manage their Citrix ADC or Citrix Gateway appliances and are affected need to install the following updates (linked in the Citrix bulletin):
- Citrix ADC and Citrix Gateway 13.0-58.32 and later versions
- Citrix ADC and Citrix Gateway 12.1-65.25 and later versions of 12.1
- Citrix ADC 12.1-FIPS 12.1-55.291 and later versions of 12.1-FIPS
- Citrix ADC 12.1-NDcPP 12.1-55.291 and later versions of 12.1-NDcPP
Citrix also provides instructions on how to check whether a Citrix ADC or Citrix Gateway appliance is configured as a SAML SP or SAML IdP. To do this, look in the ns.conf file for the following commands. If the file contains:
add authentication samlAction
Then the appliance is configured as SAML SP. With the following command:
add authentication samlIdPProfile
the appliance is configured as a SAML IdP. If either command is present in the ns.conf file and the software has one of the affected version numbers listed above, the appliance must be updated. The US National Security Agency (NSA) has published a document (PDF) describing how to determine whether an appliance may already have been compromised.
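As an added example (not Citrix's tooling and not from the original post), the following Python script applies the check described above offline: it looks for the two SAML commands in a copy of ns.conf and compares the appliance's build string against the fixed builds listed in the bulletin. The function names, the `flavor` argument and the sample ns.conf fragment are assumptions of this example.

```python
import re

# Fixed builds per branch, as listed in Citrix bulletin CTX474995 and the post above.
FIXED_BUILDS = {
    "13.0": (58, 32),
    "12.1": (65, 25),
    "12.1-FIPS": (55, 291),
    "12.1-NDcPP": (55, 291),
}
UNAFFECTED_BRANCHES = {"13.1"}  # explicitly not affected per the bulletin

# The two ns.conf commands the bulletin names as the SAML SP / IdP indicators.
SAML_INDICATORS = {
    "SP": re.compile(r"^\s*add\s+authentication\s+samlAction\b", re.MULTILINE),
    "IdP": re.compile(r"^\s*add\s+authentication\s+samlIdPProfile\b", re.MULTILINE),
}

def saml_roles(ns_conf_text):
    """Return the set of SAML roles ('SP', 'IdP') configured in an ns.conf."""
    return {role for role, rx in SAML_INDICATORS.items() if rx.search(ns_conf_text)}

def assess(version, ns_conf_text, flavor=""):
    """Classify an appliance as 'patch', 'not-affected' or 'unknown-branch'.

    version: build string such as '13.0-58.32' (release-major.minor)
    flavor:  '' for standard builds, 'FIPS' or 'NDcPP' for the 12.1 special builds
    """
    m = re.fullmatch(r"(\d+\.\d+)-(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised build string: {version!r}")
    branch = m.group(1) + (f"-{flavor}" if flavor else "")
    build = (int(m.group(2)), int(m.group(3)))
    if branch in UNAFFECTED_BRANCHES:
        return "not-affected"
    if branch not in FIXED_BUILDS:
        return "unknown-branch"  # branch not covered by the bulletin's list
    if build >= FIXED_BUILDS[branch]:
        return "not-affected"  # already on a fixed build
    if not saml_roles(ns_conf_text):
        return "not-affected"  # vulnerable build, but no SAML SP/IdP configured
    return "patch"

# Constructed ns.conf fragment (not from a real appliance) with a SAML SP configured.
SAMPLE_NS_CONF = """\
set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
add authentication samlAction saml_sp_act -samlIdPCertName idp_cert
add authentication vserver auth_vs SSL 192.0.2.20 443
"""

if __name__ == "__main__":
    print(saml_roles(SAMPLE_NS_CONF), assess("13.0-58.30", SAMPLE_NS_CONF))
```

Run it against a copy of ns.conf pulled from the appliance; a result of "patch" means the build is below the fixed one and a SAML role is present.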