Security News > 2022 > December > Citrix patches critical ADC flaw the NSA says is already under attack from China

Citrix patches critical ADC flaw the NSA says is already under attack from China
2022-12-14 06:57

The China-linked crime gang APT5 is already attacking a flaw in Citrix's Application Delivery Controller and Gateway products that the vendor patched today.

Citrix says the flaw, CVE-2022-27518, "Could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance" if it is configured as a SAML service provider or identity provider.

Unusually, Citrix has a policy of not revealing the Common Vulnerability Scoring System scores for its flaws.

The Register suggests the flaw may be closer to a 10.0 score than a 9.0 rating, because Citrix's announcement of the flaw was quickly followed by publication of a threat hunting guidance [PDF] from the United States' National Security Agency, which believes a China-linked crime gang known as APT5 has already "Demonstrated capabilities" to attack Citrix ADCs.

Security vendor Tenable has analyzed the flaw and at the time of writing had not found proof-of-concept code for the flaw.

Citrix announced the flaw in late December 2019, but patches did not appear until January 20 2020.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/12/14/chinas_apt5_attacks_citrix_adc_flaw/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-12-13 CVE-2022-27518 Unspecified vulnerability in Citrix products
Unauthenticated remote arbitrary code execution
network
low complexity
citrix
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 118 20 177 80 65 342
NSA 2 0 12 0 2 14