Vulnerabilities have been discovered in Citrix Gateway and Citrix ADC, listed below. Note that only appliances that are operating as a Gateway (appliances using the SSL VPN functionality or deployed as an ICA proxy with authentication enabled) are affected by the first issue, which is rated as a Critical severity vulnerability.
CVE-ID
Description
CWE
Affected Products
Pre-conditions
CVE-2022-27510
Unauthorized access to Gateway user capabilities
CWE-288: Authentication Bypass Using an Alternate Path or Channel
Citrix Gateway, Citrix ADC
Appliance must be configured as a VPN (Gateway)
CVE-2022-27513
Remote desktop takeover via phishing
CWE-345: Insufficient Verification of Data Authenticity
Citrix Gateway, Citrix ADC
Appliance must be configured as a VPN (Gateway) and the RDP proxy functionality must be configured
CVE-2022-27516
User login brute force protection functionality bypass
CWE-693: Protection Mechanism Failure
Citrix Gateway, Citrix ADC
Appliance must be configured as a VPN (Gateway) OR AAA virtual server and the user lockout functionality “Max Login Attempts” must be configured
The following supported versions of Citrix ADC and Citrix Gateway are affected by this vulnerability:
Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47
Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12
Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21
Citrix ADC 12.1-FIPS before 12.1-55.289
Citrix ADC 12.1-NDcPP before 12.1-55.289
This bulletin only applies to customer-managed Citrix ADC and Citrix Gateway appliances. Customers using Citrix-managed cloud services do not need to take any action.
Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker.
What Customers Should Do
To protect your on-prem Exchange you can bind a responder policy on the Citrix ADC contentswitch handling all the Exchange related traffic:
A vulnerability has been discovered in Citrix ADC and Citrix Gateway which enables an attacker to create a specially crafted URL that redirects to a malicious website.
This vulnerability has the following identifier:
CVE-ID
Description
CWE
Pre-conditions
CVE-2022-27509
Unauthenticated redirection to a malicious website
CWE-345: Insufficient Verification of Data Authenticity
Appliance must be configured as a VPN (Gateway) or AAA virtual server A victim user must use an attacker-crafted link
The following supported versions of Citrix ADC and Citrix Gateway are affected by this vulnerability:
Citrix ADC and Citrix Gateway 13.1 before 13.1-24.38
Citrix ADC and Citrix Gateway 13.0 before 13.0-86.17
Citrix ADC and Citrix Gateway 12.1 before 12.1-65.15
Citrix ADC 12.1-FIPS before 12.1-55.282
Citrix ADC 12.1-NDcPP before 12.1-55.282
This bulletin only applies to customer-managed Citrix ADC and Citrix Gateway appliances. Customers using Citrix-managed cloud services do not need to take any action.
What Customers Should Do
Citrix recommends that affected customers install the relevant updated versions of Citrix ADC or Citrix Gateway as soon as possible:
Citrix ADC and Citrix Gateway 13.1-24.38 and later releases
Citrix ADC and Citrix Gateway 13.0-86.17 and later releases of 13.0
Citrix ADC and Citrix Gateway 12.1-65.15 and later releases of 12.1
Citrix ADC 12.1-FIPS 12.1-55.282 and later releases of 12.1-FIPS
Citrix ADC 12.1-NDcPP 12.1-55.282 and later releases of 12.1-NDcPP
Vulnerabilities have been discovered in Citrix Application Delivery Management (Citrix ADM) that, if exploited, could result in the following security issues:
Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted.
Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.
CVE-ID
Description
CWE
Pre-conditions
CVE-2022-27511
Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password
CWE-284: Improper Access Control
Access to ADM IP
CVE-2022-27512
Temporary disruption of the ADM license service
CWE-664: Improper Control of a Resource Through its Lifetime
Access to ADM IP
Da der ADM Zugangsdaten & Zugriff auf die konfigurierten Instanzen hat, wird empfohlen die Sicherheitslücke rasch zu schliessen in dem die ADM Instanz auf eine der folgenden Versionen aktualisiert wird:
Citrix ADM 13.1-21.53 and later versions of 13.1
Citrix ADM 13.0-85.19 and later versions of 13.0
Als Mitigation kann versucht werden die ADM Management IP über eine Firewall zu sperren.
Normalerweise ist das ADM nur von intern zugänglich wodurch das Risiko einer Ausnutzung der Schwachstelle relativ klein ist. Ein Angreifer müsste bereits Zugang zum internen Netz haben. Wie die Schwachstelle ausgenutzt werden kann ist bisher unbekannt.
Für detaillierte Informationen und weitere Schritte, folgen Sie bitte den Informationen im Original Citrix Artikel. Gerne unterstützen wir Sie bei bedarf bei dem Update.
A vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows). If exploited, this issue would allow an adversary, who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM. This issue has the following identifier:
CVE-ID
Description
CWE
Pre-conditions
CVE-2022-21827
Arbitrary corruption or deletion of files as SYSTEM
CWE-284: Improper Access Control
Local access to a machine that has the vulnerable plug-in installed
The following supported versions of Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) are affected by this vulnerability:
Citrix Gateway Plug-in for Windows versions before 21.9.1.2
What Customers Should Do
This issue has been addressed in the following versions of Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows):
Citrix Gateway Plug-in for Windows version 21.9.1.2 and later releases
