Protection Mechanism Failure in Citrix Access Gateway and Citrix Netscaler ADC - CVE-2022-27516
Published: November 8, 2022
Vulnerability identifier: #VU69136
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-27516
CWE-ID: CWE-693
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Citrix
Affected software:
Citrix Access Gateway
Citrix Netscaler ADC
Citrix Access Gateway
Citrix Netscaler ADC
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect implementation of of the "Max Login Attempts" feature within the VPN (Gateway) and AAA virtual server. An attacker can bypass implemented security restrictions and perform a brute-force attack.
How to mitigate CVE-2022-27516
Install updates from vendor's website.