Security News > 2022 > December > Citrix patches critical ADC flaw the NSA says is already under attack from China

The China-linked crime gang APT5 is already attacking a flaw in Citrix's Application Delivery Controller and Gateway products that the vendor patched today.

Citrix says the flaw, CVE-2022-27518, "Could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance" if it is configured as a SAML service provider or identity provider.

Unusually, Citrix has a policy of not revealing the Common Vulnerability Scoring System scores for its flaws.

The Register suggests the flaw may be closer to a 10.0 score than a 9.0 rating, because Citrix's announcement of the flaw was quickly followed by publication of a threat hunting guidance [PDF] from the United States' National Security Agency, which believes a China-linked crime gang known as APT5 has already "Demonstrated capabilities" to attack Citrix ADCs.

Security vendor Tenable has analyzed the flaw and at the time of writing had not found proof-of-concept code for the flaw.

Citrix announced the flaw in late December 2019, but patches did not appear until January 20 2020.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/12/14/chinas_apt5_attacks_citrix_adc_flaw/