Citrix published a Security Bulletin on 8th Nov 2022 in which it disclosed 3 new critical vulnerabilities in Citrix ADC and Gateway Products. All three tracked under the identifiers CVE-2022-27510, CVE-2022-27513, and CVE-2022-27516 are rated Critical with CVSS scores from 9.8 to 9.6. The exploitation of these vulnerabilities would allow adversaries to gain authorized access, perform remote desktop takeover, and even bypass defenses against brute-force attempts in vulnerable versions of Citrix ADC and Gateway Products. It is highly recommended that organizations who use Citrix ADC and Gateway Products should patch the 3 new critical vulnerabilities in Citrix ADC and Gateway Products. Without further due, let’s see how to patch the 3 new critical vulnerabilities in Citrix ADC and Gateway products in this post.
Table of Contents
A Short Note About Citrix ADC and Gateway Products:
Citrix ADC:
Citrix ADC is a line of products that provide secure application and desktop delivery, networking, and cloud services. It was formerly known as NetScaler ADC.
Citrix ADC provides a complete application delivery infrastructure for on-premises, hybrid, and cloud deployments. It offers industry-leading load balancing, traffic management, and security capabilities that enable organizations to ensure optimal application performance and security.
Citrix ADC is available in a variety of form factors, including hardware appliances, virtual appliances, and cloud services. It is backed by a comprehensive set of features and services that provide users with a complete application delivery experience.
Citrix Gateway:
Citrix Gateway provides secure remote access to internal resources, applications, and data. It uses SSL and IPSec VPN technologies to create a secure connection between users and corporate networks. Citrix Gateway can be used to connect to on-premises resources, such as email servers, file servers, and databases. It can also be used to connect to cloud-based resources, such as SaaS applications and IaaS platforms. Citrix Gateway is a key component of the Citrix NetScaler platform, which also includes Citrix ADC (Application Delivery Controller) and Citrix SD-WAN (Software-Defined WAN).
Summary of 3 New Critical Vulnerabilities in Citrix ADC and Gateway Products:
As per the advisory released by Citrix, there are three vulnerabilities identified in Citrix ADC and Gateway Products. All three tracked under the identifiers CVE-2022-27510, CVE-2022-27513, and CVE-2022-27516 are rated Critical with CVSS scores of 9.8, 9.6, and 9.8 out of 10, respectively.
CVE ID | Description | CVSS Score | CVSS Vector |
CVE-2022-27510 | Unauthorized access to Gateway user capabilities | 9.8 Critical | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVE-2022-27513 | Remote desktop takeover via phishing | 9.6 Critical | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
CVE-2022-27516 | User login brute force protection functionality bypass | 9.8 Critical | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVE-2022-27510
This is an unauthorized access critical vulnerability with a CVSS score of 9.8, which could be abused to gain unauthorized access. To exploit the vulnerability, the appliance must be configured as a VPN Gateway.
CVE-2022-27513
This is an unauthorized access critical vulnerability with a CVSS score of 9.6, which could be abused to take RDP sessions via social engineering attacks like Phishing. It’s been said that this is due to insufficient verification of data authenticity. To exploit this vulnerability, the appliance must be configured as a VPN Gateway with the RDP proxy functionality enabled on the appliance.
CVE-2022-27516
This is a user login brute-force protection functionality bypass vulnerability with a CVSS score of 9.8, which could be abused to bypass defenses against brute-force login attempts. It’s been said that this is due to Protection Mechanism Failure. To exploit the vulnerability, the appliance must be configured either as a VPN Gateway or an AAA virtual server with the user lockout functionality value set “Max Login Attempts” on the appliance.
Citrix Products Affected by These Vulnerabilities
According to Jarosław Jahrek Kamiński, a security researcher at Securitum, a Polish penetration testing firm, the following versions of Citrix ADC and Citrix Gateway are affected by these three vulnerabilities.
- Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47
- Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12
- Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21
- Citrix ADC 12.1-FIPS before 12.1-55.289
- Citrix ADC 12.1-NDcPP before 12.1-55.289
Note: These flaws affect only on-premises physical or virtual appliances. Cloud services are completely safe from these flaws. Organizations using Citrix-managed cloud services do not need to take any action.
How to Patch the 3 New Critical Vulnerabilities in Citrix ADC and Gateway Products?
Citrix has released patched versions to address these vulnerabilities. We recommend installing the relevant updated versions of Citrix ADC or Citrix Gateway as soon as possible. Please download the latest versions of Citrix ADC and Citrix Gateway to apply the patches.
Patched versions of Citrix ADC and Gateway Products:
- Citrix ADC and Citrix Gateway 13.1-33.47 and later releases
- Citrix ADC and Citrix Gateway 13.0-88.12 and later releases of 13.0
- Citrix ADC and Citrix Gateway 12.1-65.21 and later releases of 12.1
- Citrix ADC 12.1-FIPS 12.1-55.289 and later releases of 12.1-FIPS
- Citrix ADC 12.1-NDcPP 12.1-55.289 and later releases of 12.1-NDcPP
Note: Citrix ADC and Citrix Gateway versions prior to 12.1 are declared the end of life. No updates are released to these versions. Organizations using these obsolete versions are suggested to move to one of the supported versions. If you feel you need more support on this issue, please contact Citrix Technical Support.
How To Upgrade Citirx ADC?
There are different ways to upgrade Citrix ADC appliance. Please take a look at those here:
How To Upgrade Citirx Gateway?
There are different ways to upgrade Citrix Gateway appliance. Please take a look at those here:
We hope this post will help you know how to patch the 3 new critical vulnerabilities in Citrix ADC and Gateway products. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/293242.html