Citrix patches critical ADC flaw the NSA says is already under attack from China
The China-linked crime gang APT5 is already attacking a flaw in Citrix's Application Delivery Controller and Gateway products that the vendor patched today.
Citrix says the flaw, CVE-2022-27518, "could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance" if it is configured as a SAML service provider or identity provider.
Unusually, Citrix has a policy of not revealing the Common Vulnerability Scoring System scores for its flaws.
The Register suggests the flaw may be closer to a 10.0 score than a 9.0 rating, because Citrix's announcement of the flaw was quickly followed by publication of threat hunting guidance from the United States' National Security Agency, which believes a China-linked crime gang known as APT5 has already "demonstrated capabilities" to attack Citrix ADCs.
Security vendor Tenable has analyzed the flaw and, at the time of writing, had not found proof-of-concept code for it.
Citrix announced an earlier flaw in late December 2019, but patches for it did not appear until January 20, 2020.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/12/14/chinas_apt5_attacks_citrix_adc_flaw/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-13 | CVE-2022-27518 | Unspecified vulnerability in Citrix products: Unauthenticated remote arbitrary code execution | 9.8 |