Security News > 2022 > December > Hackers exploit critical Citrix ADC and Gateway zero day, patch now

Hackers exploit critical Citrix ADC and Gateway zero day, patch now
2022-12-13 15:07

Citrix strongly urges admins to apply security updates for an 'Critical' zero-day vulnerability in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks.

Citrix ADC and Citrix Gateway version 13.1 are not affected by CVE-2022-27518, so upgrading to it solves the security problem.

Citrix ADC FIPS and Citrix ADC NDcPP should upgrade to versions 12.1-55.291 or later.

In a coordinated disclosure, the NSA has released an "APT5: Citrix ADC Threat Hunting Guidance" advisory with information on detecting if a device has been exploited and tips on securing Citrix ADC and Gateway devices.

In 2019, a remote code execution flaw tracked as CVE-2019-19781 was discovered in Citrix ADC and Citrix Gateway and quickly became targeted by ransomware operations, state-supported APTs, opportunistic attackers that used mitigation bypasses, and more.

Exploitation became so widely abused that the Dutch government advised companies to turn off their Citrix ADC and Citrix Gateway devices until admins could apply security updates.


News URL

https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-citrix-adc-and-gateway-zero-day-patch-now/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-12-13 CVE-2022-27518 Unspecified vulnerability in Citrix products
Unauthenticated remote arbitrary code execution
network
low complexity
citrix
critical
9.8
2019-12-27 CVE-2019-19781 Path Traversal vulnerability in Citrix products
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0.
network
low complexity
citrix CWE-22
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 66 2 64 101 46 213