Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability

Added Dec. 13, 2022 • Due Jan. 3, 2023 • CVE-2022-27518

Overdue Citrix / Application Delivery Controller (ADC) and Gateway CWE-664

Description

Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator.

Required Action

Apply updates per vendor instructions.

References

https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/
https://nvd.nist.gov/vuln/detail/CVE-2022-27518

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 5 months ago