{"id":25896,"date":"2022-07-28T11:47:43","date_gmt":"2022-07-28T09:47:43","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=25896"},"modified":"2022-07-28T11:47:43","modified_gmt":"2022-07-28T09:47:43","slug":"citrix-adc-gateway-sicherheitshinweis-cve-2022-27509","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/07\/28\/citrix-adc-gateway-sicherheitshinweis-cve-2022-27509\/","title":{"rendered":"Citrix ADC\/Gateway Security Bulletin CVE-2022-27509"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" width=\"200\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2022\/07\/28\/citrix-adc-gateway-sicherheitshinweis-cve-2022-27509\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Does anyone use a Citrix ADC or Citrix Gateway in an enterprise environment? Vulnerability CVE-2022-27509 has been discovered in the products, which allows an attacker to create a specially crafted URL that redirects to a malicious website. 
Citrix has published a security advisory about this.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg04.met.vgwort.de\/na\/ffa94ba8e0fb4a76a949f2aa1405a3d9\" width=\"1\" height=\"1\">I've already seen the advisory on Twitter the other day &#8211; details can be found in <a href=\"https:\/\/support.citrix.com\/article\/CTX457836\/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227509\" target=\"_blank\" rel=\"noopener\">Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27509<\/a>.<\/p>\n<p><a href=\"https:\/\/twitter.com\/cstalhood\/status\/1551903220129202180\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"Citrix ADC\/Gateway Vulnerability CVE-2022-27509\" alt=\"Citrix ADC\/Gateway Vulnerability CVE-2022-27509\" src=\"https:\/\/i.imgur.com\/88SrsnJ.png\"><\/a><\/p>\n<p>The following supported versions of Citrix ADC and Citrix Gateway are affected by this vulnerability: <\/p>\n<ul>\n<li>Citrix ADC and Citrix Gateway 13.1 before 13.1-24.38<\/li>\n<li>Citrix ADC and Citrix Gateway 13.0 before 13.0-86.17<\/li>\n<li>Citrix ADC and Citrix Gateway 12.1 before 12.1-65.15<\/li>\n<li>Citrix ADC 12.1-FIPS before 12.1-55.282<\/li>\n<li>Citrix ADC 12.1-NDcPP before 12.1-55.282 <\/li>\n<\/ul>\n<p>This bulletin applies only to customer-managed Citrix ADC and Citrix Gateway appliances. Customers using Citrix-managed cloud services do not need to take any action. Citrix recommends that affected instances be updated as soon as possible to one of the following versions of Citrix ADC or Citrix Gateway: <\/p>\n<ul>\n<li>Citrix ADC and Citrix Gateway 13.1-24.38 and later versions. 
<\/li>\n<li>Citrix ADC and Citrix Gateway 13.0-86.17 and later versions of 13.0 <\/li>\n<li>Citrix ADC and Citrix Gateway 12.1-65.15 and later versions of 12.1 <\/li>\n<li>Citrix ADC 12.1-FIPS 12.1-55.282 and later versions of 12.1-FIPS <\/li>\n<li>Citrix ADC 12.1-NDcPP 12.1-55.282 and later versions of 12.1-NDcPP <\/li>\n<\/ul>\n<p>Note: Customers who previously copied the <em>httpd.conf<\/em> file to the <em>\/nsconfig<\/em> directory must follow <a href=\"https:\/\/docs.citrix.com\/en-us\/citrix-adc\/current-release\/upgrade-downgrade-citrix-adc-appliance\/upgrade-considerations-customized-files.html\" target=\"_blank\" rel=\"noopener\">these steps<\/a> to ensure that this security update is installed correctly. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Does anyone use a Citrix ADC or Citrix Gateway in an enterprise environment? Vulnerability CVE-2022-27509 has been discovered in the products, which allows an attacker to create a specially crafted URL that redirects to a malicious website. 
Citrix has published &hellip; <a href=\"https:\/\/borncity.com\/win\/2022\/07\/28\/citrix-adc-gateway-sicherheitshinweis-cve-2022-27509\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-25896","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/25896","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=25896"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/25896\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=25896"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=25896"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=25896"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}