Citrix patches critical ADC flaw the NSA says is already under attack from China
The China-linked crime gang APT5 is already attacking a flaw in Citrix's Application Delivery Controller and Gateway products that the vendor patched today.
Citrix says the flaw, CVE-2022-27518, "could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance" if the appliance is configured as a SAML service provider or identity provider.
Unusually, Citrix has a policy of not revealing Common Vulnerability Scoring System (CVSS) scores for its flaws.
The Register suggests the flaw may be closer to a 10.0 score than a 9.0 rating, because Citrix's announcement was quickly followed by the publication of threat-hunting guidance [PDF] from the United States' National Security Agency, which believes a China-linked crime gang known as APT5 has already "demonstrated capabilities" to attack Citrix ADCs.
Security vendor Tenable has analyzed the flaw and, at the time of writing, had not found proof-of-concept code for it.
Citrix announced the flaw in late December 2019, but patches did not appear until January 20, 2020.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/12/14/chinas_apt5_attacks_citrix_adc_flaw/
Related news
- China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacks
- CISA warns of critical Palo Alto Networks bug exploited in attacks
- Critical Veeam RCE bug now used in Frag ransomware attacks
- New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
- Critical bug in EoL D-Link NAS devices now exploited in attacks
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks
- Critical RCE bug in VMware vCenter Server now exploited in attacks
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks
- Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK (CVSS) |
|---|---|---|---|
| 2022-12-13 | CVE-2022-27518 | Unspecified vulnerability in Citrix products: unauthenticated remote arbitrary code execution | 9.8 |