Multiple vulnerabilities in Citrix Gateway and Citrix ADC
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2022-27510 CVE-2022-27513 CVE-2022-27516 |
| CWE-ID | CWE-287 CWE-345 CWE-693 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Citrix Access Gateway Server applications / Remote management servers, RDP, SSH Citrix Netscaler ADC Client/Desktop applications / Software for system administration |
| Vendor | Citrix |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Improper Authentication
EUVDB-ID: #VU69133
Risk: High
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-27510
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in the authentication process when the appliance is configured as VPN (Gateway). A remote non-authenticated attacker can bypass authentication process and gain unauthorized access to Gateway user capabilities.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCitrix Access Gateway: before 12.1.65.21
Citrix Netscaler ADC: before 12.1-55.289
CPE2.3- cpe:2.3:a:citrix:citrix_access_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:citrix_netscaler_adc:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Insufficient verification of data authenticity
EUVDB-ID: #VU69135
Risk: Medium
CVSSv4.0: 4.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-27513
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to insufficient verification of data authenticity within RDP proxy. A remote attacker can gain control over users' RDP sessions via phishing attack.
Successful exploitation of the vulnerability requires the appliance to be configured as VPN (Gateway) and RDP proxy. Also attacker should have initial access to the network via SSL-VPN gateway.
Install updates from vendor's website.
Vulnerable software versionsCitrix Access Gateway: before 12.1.65.21
Citrix Netscaler ADC: before 12.1-55.289
CPE2.3- cpe:2.3:a:citrix:citrix_access_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:citrix_netscaler_adc:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Protection Mechanism Failure
EUVDB-ID: #VU69136
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-27516
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect implementation of of the "Max Login Attempts" feature within the VPN (Gateway) and AAA virtual server. An attacker can bypass implemented security restrictions and perform a brute-force attack.
Install updates from vendor's website.
Vulnerable software versionsCitrix Access Gateway: before 12.1.65.21
Citrix Netscaler ADC: before 12.1-55.289
CPE2.3- cpe:2.3:a:citrix:citrix_access_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:citrix_netscaler_adc:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
