#VU69136 Protection Mechanism Failure in Citrix Access Gateway and Citrix Netscaler ADC - CVE-2022-27516
Published: November 8, 2022
Vulnerability identifier: #VU69136
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-27516
CWE-ID: CWE-693
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Citrix Access Gateway
Citrix Netscaler ADC
Software vendor:
Citrix
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect implementation of the "Max Login Attempts" feature within the VPN (Gateway) and AAA virtual server. An attacker can bypass implemented security restrictions and perform a brute-force attack.
Remediation
Install updates from the vendor's website.