The Security team at Citrix has recently disclosed a vulnerability in Citrix Gateway and Citrix ADC, that if exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance. This vulnerability can be exploited by attackers to take control of devices and has been seen exploited in the wild by state-sponsored threat actors. The security vulnerability is tracked as: CVE-2022-27518.
Citrix has stated that there are no currently available workarounds for this vulnerability and that customers running an impacted version (those with a SAML SP or IdP configuration) should update immediately.
The following supported versions of Citrix ADC and Citrix Gateway are affected by this vulnerability: • Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32 • Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25 • Citrix ADC 12.1-FIPS before 12.1-55.291 • Citrix ADC 12.1-NDcPP before 12.1-55.291 Citrix ADC and Citrix Gateway version 13.1 are unaffected.
Customers can determine if their Citrix ADC or Citrix Gateway is configured as a SAML SP or a SAML IdP by inspecting the ns.conf file for the following commands:
• add authentication samlAction Appliance is configured as a SAML SP
OR
• add authentication samlIdPProfile Appliance is configured as a SAML IdP
If either of the commands are present in the ns.conf file and if the version is an affected version, then the appliance must be updated.
Our Team at Ascend Technologies will be reaching out to clients who have managed devices that are affected by this Vulnerability. If you have any questions, please reach out to us at: support@teamascend.com