Patches Released for Multiple Vulnerabilities in Citrix Gateway and ADC (CVE-2022-27510, CVE-2022-27513, and CVE-2022-27516)

Citrix has released patches for multiple vulnerabilities in Citrix Gateway and ADC (CVE-2022-27510, CVE-2022-27513, and CVE-2022-27516). These vulnerabilities can be exploited by an attacker to gain unauthorized access to the device, take over remote desktops, or bypass the login brute force protection. 
 
Citrix Gateway unifies remote access infrastructure to offer single sign-on for all applications, regardless of whether they are hosted in a data center, the cloud, or are offered as SaaS apps. Through a single URL, anyone can access any app on any device. 
 
Citrix ADC is a delivery and load-balancing solution for monolithic and microservices-based applications. This application provides uninterrupted availability and optimal performance.  
 
CVE-2022-27510 
The prerequisite for this vulnerability is that the appliance must be configured as a VPN (Gateway). An attacker can exploit this authentication bypass vulnerability via an alternative path or channel. On successful exploitation, an attacker could get unauthorized access to Gateway user capabilities.  
 
Citrix emphasized that only appliances that are used as a gateway (appliances that are configured as ICA proxies with authentication enabled or that use the SSL VPN feature) are affected by this vulnerability. 
 
CVE-2022-27513 
The prerequisites for this vulnerability are: 

  • The appliance must be configured as a VPN (Gateway) 
  • The RDP proxy functionality must be configured

An attacker can use phishing attempts to exploit this Insufficient Verification of Data Authenticity vulnerability. On successful exploitation, an attacker could gain control of a remote workstation.
 
CVE-2022-27516 
The prerequisites for this vulnerability are:  

  • The appliance must be configured as a VPN (Gateway) OR AAA virtual server 
  • The user lockout functionality “Max Login Attempts” must be configured

This is a user login brute force protection functionality bypass vulnerability. On successful exploitation, an attacker can cause the affected system's protection mechanism to fail.
 
Affected versions  

  • Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47  
  • Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12  
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-65.21
  • Citrix ADC 12.1-FIPS before 12.1-55.289  
  • Citrix ADC 12.1-NDcPP before 12.1-55.289 

Mitigation 
Customers are advised to upgrade to the following versions to mitigate the vulnerabilities: 

  • Citrix ADC and Citrix Gateway 13.1-33.47 and later releases  
  • Citrix ADC and Citrix Gateway 13.0-88.12 and later releases of 13.0   
  • Citrix ADC and Citrix Gateway 12.1-65.21 and later releases of 12.1   
  • Citrix ADC 12.1-FIPS 12.1-55.289 and later releases of 12.1-FIPS   
  • Citrix ADC 12.1-NDcPP 12.1-55.289 and later releases of 12.1-NDcPP 
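As an added example (not code from Qualys or Citrix), the following Python helper encodes the affected-version table above and checks inventory entries against it, so an administrator can confirm whether a given build predates the fix on its branch. The `show ns version` banner layout and the `-FIPS`/`-NDcPP` suffix used to tag the variant are assumed conventions; the fixed builds come from this advisory.

```python
import re
from typing import Optional, Tuple

# First fixed build per release branch, transcribed from the advisory's
# "Affected versions" / "Mitigation" lists. Variant None = standard ADC/Gateway.
FIXED_BUILDS = {
    ("13.1", None): (33, 47),
    ("13.0", None): (88, 12),
    ("12.1", None): (65, 21),
    ("12.1", "FIPS"): (55, 289),
    ("12.1", "NDcPP"): (55, 289),
}

# Advisory notation, e.g. "13.1-33.47"; the optional "-FIPS"/"-NDcPP" suffix
# is an assumed convention for tagging the variant in inventory data.
_ADVISORY_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$")
# Banner as printed by `show ns version` on the appliance (assumed layout),
# e.g. "NetScaler NS13.0: Build 79.64.nc, Date: ..."
_BANNER_RE = re.compile(r"NS(\d+\.\d+):\s+Build\s+(\d+)\.(\d+)")


def parse_version(text: str, variant: Optional[str] = None
                  ) -> Tuple[str, Tuple[int, int], Optional[str]]:
    """Return (branch, (build, sub-build), variant) or raise ValueError."""
    m = _ADVISORY_RE.match(text.strip())
    if m:
        return m.group(1), (int(m.group(2)), int(m.group(3))), m.group(4) or variant
    m = _BANNER_RE.search(text)
    if m:
        return m.group(1), (int(m.group(2)), int(m.group(3))), variant
    raise ValueError(f"unrecognised Citrix ADC/Gateway version: {text!r}")


def is_affected(text: str, variant: Optional[str] = None) -> Optional[bool]:
    """True if the build predates the fix on its branch, False if it is fixed,
    None if the branch/variant is not listed in this advisory."""
    branch, build, variant = parse_version(text, variant)
    fixed = FIXED_BUILDS.get((branch, variant))
    if fixed is None:
        return None
    return build < fixed  # tuple comparison: build first, then sub-build


if __name__ == "__main__":
    # Constructed inventory lines, not real assets. Note that 12.1-55.289 is
    # fixed on the FIPS branch but still vulnerable on standard 12.1.
    inventory = [
        ("gw-01", "13.1-33.47", None),
        ("gw-02", "NetScaler NS13.0: Build 79.64.nc, Date: Jun 1 2021", None),
        ("gw-03", "12.1-55.289", "FIPS"),
        ("gw-04", "12.1-55.289", None),
    ]
    for host, ver, var in inventory:
        print(f"{host}: affected={is_affected(ver, var)}")
```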

For more information, please refer to the Citrix Security Bulletin.
 
Qualys Detection  
Qualys customers can scan their devices with QIDs 377751 and 730713 to detect vulnerable assets.
  
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.  
  
References
https://securityaffairs.co/wordpress/138264/security/citrix-gateway-adc-flaws.html 
https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516  
