CVSS 3.1 base score: 9.8 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality, Integrity and Availability Impact: High)
Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too.
On Tuesday, December 13, 2022, Citrix published Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 announcing fixes for a critical unauthenticated remote code execution (RCE) vulnerability that exists in certain configurations of its Gateway and ADC products. This vulnerability has reportedly been exploited in the wild by state-sponsored threat actors.
In a blog post, Citrix states that no workarounds are available for this vulnerability and that customers running an impacted version (those with a SAML SP or IdP configuration) should update immediately.
Citrix is a high-value target for any capable attacker; earlier today, the National Security Agency (NSA) published Citrix ADC Threat Hunting Guidance warning that Citrix ADC is being targeted by state-sponsored adversaries.
The following customer-managed product versions are affected by this vulnerability so long as the ADC or Gateway is configured as a SAML SP or a SAML IdP:
Citrix's blog post also contains information on how to determine if your configuration is a SAML SP or a SAML IdP.
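As an added illustration, not code from the Rapid7 post or from Citrix, the following script scans a saved NetScaler running configuration (ns.conf) for the directives that define a SAML service provider action or a SAML identity provider profile, which is what puts an appliance into the affected configuration described above. The directive names `add authentication samlAction` and `add authentication samlIdPProfile` are assumptions on my part and should be confirmed against Citrix's bulletin; the configuration excerpt is constructed for the example.

```python
import re

# Constructed sample of an ns.conf excerpt; not taken from any real appliance.
SAMPLE_NS_CONF = """\
set ns config -IPAddress 10.0.0.5 -netmask 255.255.255.0
add authentication samlAction saml_sp_act -samlIdPCertName idp_cert -samlSigningCertName sp_cert
add authentication samlIdPProfile saml_idp_prof -samlIdPCertName idp_cert -samlSPCertName sp_cert
add vpn vserver gw_vs SSL 10.0.0.10 443
"""

# Constructed sample with no SAML configuration at all.
SAMPLE_NS_CONF_NO_SAML = """\
set ns config -IPAddress 10.0.0.5 -netmask 255.255.255.0
add authentication ldapAction ldap_act -serverIP 10.0.0.20
add vpn vserver gw_vs SSL 10.0.0.10 443
"""

# Assumed directive names (verify against Citrix's bulletin). Matching is
# anchored at line start so commented-out or quoted occurrences are ignored.
SP_DIRECTIVE = re.compile(r"^\s*add\s+authentication\s+samlAction\s+(\S+)", re.IGNORECASE)
IDP_DIRECTIVE = re.compile(r"^\s*add\s+authentication\s+samlIdPProfile\s+(\S+)", re.IGNORECASE)


def find_saml_roles(ns_conf: str) -> dict:
    """Return the names of SAML SP actions and SAML IdP profiles found in ns_conf."""
    roles = {"saml_sp": [], "saml_idp": []}
    for line in ns_conf.splitlines():
        sp = SP_DIRECTIVE.match(line)
        if sp:
            roles["saml_sp"].append(sp.group(1))
            continue
        idp = IDP_DIRECTIVE.match(line)
        if idp:
            roles["saml_idp"].append(idp.group(1))
    return roles


def is_saml_configured(ns_conf: str) -> bool:
    """True when the appliance is configured as a SAML SP or SAML IdP (the affected configuration)."""
    roles = find_saml_roles(ns_conf)
    return bool(roles["saml_sp"] or roles["saml_idp"])


if __name__ == "__main__":
    for label, conf in (("sample-with-saml", SAMPLE_NS_CONF), ("sample-without-saml", SAMPLE_NS_CONF_NO_SAML)):
        roles = find_saml_roles(conf)
        verdict = "affected configuration; update immediately" if is_saml_configured(conf) else "no SAML SP/IdP found"
        print(f"{label}: SP={roles['saml_sp']} IdP={roles['saml_idp']} -> {verdict}")
```

Run it against a copy of ns.conf exported from the appliance (for example, via `python3 check_saml.py < ns.conf` after replacing the samples with `sys.stdin.read()`); a non-empty result in either list means the device falls within the affected configuration and should be prioritized for the update regardless of other findings. The check only identifies the configuration; it does not determine whether the running build is one of the fixed versions listed in Citrix's bulletin.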
No workarounds are available; impacted organizations should update to one of the following versions on an emergency basis:
InsightVM customers can assess their exposure to CVE-2022-27518 with the December 13, 2022 content release.