Security News > 2022 > December > Hackers exploit critical Citrix ADC and Gateway zero day, patch now
Citrix strongly urges admins to apply security updates for an 'Critical' zero-day vulnerability in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks.
Citrix ADC and Citrix Gateway version 13.1 are not affected by CVE-2022-27518, so upgrading to it solves the security problem.
Citrix ADC FIPS and Citrix ADC NDcPP should upgrade to versions 12.1-55.291 or later.
In a coordinated disclosure, the NSA has released an "APT5: Citrix ADC Threat Hunting Guidance" advisory with information on detecting if a device has been exploited and tips on securing Citrix ADC and Gateway devices.
In 2019, a remote code execution flaw tracked as CVE-2019-19781 was discovered in Citrix ADC and Citrix Gateway and quickly became targeted by ransomware operations, state-supported APTs, opportunistic attackers that used mitigation bypasses, and more.
Exploitation became so widely abused that the Dutch government advised companies to turn off their Citrix ADC and Citrix Gateway devices until admins could apply security updates.
News URL
Related news
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own (source)
- Hackers exploit WordPress plugin auth bypass hours after disclosure (source)
- Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices (source)
- ⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More (source)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Emergency patch for potential SAP zero-day that could grant full system control (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-13 | CVE-2022-27518 | Unspecified vulnerability in Citrix products Unauthenticated remote arbitrary code execution | 9.8 |
| 2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |