Security News > 2022 > December > Hackers exploit critical Citrix ADC and Gateway zero day, patch now
Citrix strongly urges admins to apply security updates for an 'Critical' zero-day vulnerability in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks.
Citrix ADC and Citrix Gateway version 13.1 are not affected by CVE-2022-27518, so upgrading to it solves the security problem.
Citrix ADC FIPS and Citrix ADC NDcPP should upgrade to versions 12.1-55.291 or later.
In a coordinated disclosure, the NSA has released an "APT5: Citrix ADC Threat Hunting Guidance" advisory with information on detecting if a device has been exploited and tips on securing Citrix ADC and Gateway devices.
In 2019, a remote code execution flaw tracked as CVE-2019-19781 was discovered in Citrix ADC and Citrix Gateway and quickly became targeted by ransomware operations, state-supported APTs, opportunistic attackers that used mitigation bypasses, and more.
Exploitation became so widely abused that the Dutch government advised companies to turn off their Citrix ADC and Citrix Gateway devices until admins could apply security updates.
News URL
Related news
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks (source)
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Adobe fixes Acrobat Reader zero-day with public PoC exploit (source)
- Hackers targeting WhatsUp Gold with public exploit since August (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-13 | CVE-2022-27518 | Unspecified vulnerability in Citrix products Unauthenticated remote arbitrary code execution | 9.8 |
| 2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |