Security News > 2022 > December > Citrix patches critical ADC flaw the NSA says is already under attack from China
The China-linked crime gang APT5 is already attacking a flaw in Citrix's Application Delivery Controller and Gateway products that the vendor patched today.
Citrix says the flaw, CVE-2022-27518, "Could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance" if it is configured as a SAML service provider or identity provider.
Unusually, Citrix has a policy of not revealing the Common Vulnerability Scoring System scores for its flaws.
The Register suggests the flaw may be closer to a 10.0 score than a 9.0 rating, because Citrix's announcement of the flaw was quickly followed by publication of a threat hunting guidance [PDF] from the United States' National Security Agency, which believes a China-linked crime gang known as APT5 has already "Demonstrated capabilities" to attack Citrix ADCs.
Security vendor Tenable has analyzed the flaw and at the time of writing had not found proof-of-concept code for the flaw.
Citrix announced the flaw in late December 2019, but patches did not appear until January 20 2020.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/12/14/chinas_apt5_attacks_citrix_adc_flaw/
Related news
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- China again claims Volt Typhoon cyber-attack crew was invented by the US to discredit it (source)
- China’s infosec leads accuse Intel of NSA backdoor, cite chip security flaws (source)
- Intel robustly refutes China's accusations it bakes in NSA backdoors (source)
- Intel hits back at China's accusations it bakes in NSA backdoors (source)
- Fortinet warns of new critical FortiManager flaw used in zero-day attacks (source)
- FortiManager critical vulnerability under active attack (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-13 | CVE-2022-27518 | Unspecified vulnerability in Citrix products Unauthenticated remote arbitrary code execution | 9.8 |