cisa_kev | CISA | CISA-KEV-CVE-2022-27518
Dec 13, 2022 - 12:00 a.m.

Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability

2022-12-13 00:00:00
CISA
www.cisa.gov
Tags: citrix, adc, gateway, authentication, bypass, vulnerability, saml, administrator, code execution

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.205
Percentile: 96.4%

Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator.
