CVE-2022-27518 is a newly detected Citrix vulnerability that is currently being exploited in attacks. The zero-day affects Citrix ADC and Citrix Gateway and could allow an unauthenticated remote threat actor to take over an exposed device.
What Is Known about CVE-2022-27518?
According to the official Citrix advisory, a vulnerability has been discovered in Citrix Gateway and Citrix ADC that could allow an unauthenticated remote attacker to execute arbitrary code on vulnerable appliances.
Affected Citrix ADC and Citrix Gateway Versions
Citrix states that the following supported versions of Citrix ADC and Citrix Gateway are affected by CVE-2022-27518; version 13.1 of Citrix ADC and Citrix Gateway is not affected:
- Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32
- Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25
- Citrix ADC 12.1-FIPS before 12.1-55.291
- Citrix ADC 12.1-NDcPP before 12.1-55.291
How to Determine If a Citrix Device Is Vulnerable?
To determine exposure, customers can establish if their appliance is configured as a SAML SP or a SAML IdP by inspecting the ns.conf file for the following commands:
- add authentication samlAction – Appliance is configured as a SAML SP
- add authentication samlIdPProfile – Appliance is configured as a SAML IdP
“If either of the commands are present in the ns.conf file and if the version is an affected version, then the appliance must be updated,” the advisory noted.
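The check described above can be scripted. The following is an added example, not code from Citrix or from this article: it scans ns.conf text for the two SAML commands and compares a build against the fixed builds listed on this page. It assumes the version is supplied in the page's notation (for example 13.0-58.30); the edition labels and the sample configuration are constructed for illustration.

```python
import re

# First fixed build per release, from the affected-versions list on this page.
# The edition keys ("standard", "fips", "ndcpp") are labels chosen for this example.
FIXED_BUILDS = {
    ("13.0", "standard"): (58, 32),
    ("12.1", "standard"): (65, 25),
    ("12.1", "fips"): (55, 291),
    ("12.1", "ndcpp"): (55, 291),
}

# The two ns.conf commands named in the advisory; commented-out lines do not match.
SAML_COMMANDS = {
    "SAML SP": re.compile(r"^\s*add\s+authentication\s+samlAction\b", re.I),
    "SAML IdP": re.compile(r"^\s*add\s+authentication\s+samlIdPProfile\b", re.I),
}

# Constructed sample configuration, not taken from a real appliance.
SAMPLE_NS_CONF = """\
set ns hostName adc-lab-01
# add authentication samlIdPProfile retired_idp_profile
add authentication samlAction example_sp_action
"""

def saml_roles(ns_conf_text):
    """Return the SAML roles (SP and/or IdP) configured in the ns.conf text."""
    lines = ns_conf_text.splitlines()
    return [role for role, pat in SAML_COMMANDS.items()
            if any(pat.match(line) for line in lines)]

def build_is_affected(version, edition="standard"):
    """version uses the page's notation, e.g. '13.0-58.30'."""
    m = re.fullmatch(r"(\d+\.\d+)-(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    release, build = m.group(1), (int(m.group(2)), int(m.group(3)))
    if release == "13.1":
        return False  # the page lists 13.1 as not affected
    fixed = FIXED_BUILDS.get((release, edition.lower()))
    if fixed is None:
        raise ValueError(f"{release} ({edition}) is not on the page's list")
    return build < fixed  # numeric compare, so 55.291 sorts above 55.30

def must_update(ns_conf_text, version, edition="standard"):
    """Apply the advisory's rule: a SAML command is present AND the build is affected."""
    roles = saml_roles(ns_conf_text)
    return bool(roles) and build_is_affected(version, edition), roles

if __name__ == "__main__":
    print(must_update(SAMPLE_NS_CONF, "13.0-58.30"))
```

Releases that are neither on the page's list nor 13.1 raise an error rather than being reported as safe, because the page says nothing about them.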
Previous Citrix Vulnerabilities Reported in 2022
Earlier this year, multiple vulnerabilities in the Citrix product portfolio were patched, including a high-severity bug in SD-WAN tracked as CVE-2022-27505. It was identified as a reflected cross-site scripting (XSS) issue resulting from improper neutralization of input during web page generation. Citrix said that both standard and premium versions of SD-WAN before version 11.4.3a were affected.