It is informed that the CVE-2022-27510, CVE-2022-27518 vulnerability is actively being exploited in large numbers. We would like to know if the IFS systems are vulnerable to this exploit and if yes if mitigation measures have been taken.
https://www.heise.de/news/Jetzt-patchen-Tausende-Citrix-Server-sind-noch-verwundbar-7445281.html
Hi Alex,
The following vulnerabilities have been discovered in Citrix Gateway and Citrix ADC.
| CVE-ID | Description | OS versions of Citrix ADC and Citrix Gateway are affected by this vulnerability |
| CVE-2022-27518 | Unauthenticated remote arbitrary code execution | Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32 |
| Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25 | ||
| Citrix ADC 12.1-FIPS before 12.1-55.291 | ||
| Citrix ADC 12.1-NDcPP before 12.1-55.291 | ||
| CVE-2022-27510 | Unauthorized access to Gateway user capabilities | Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47 |
| Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12 | ||
| Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21 | ||
| Citrix ADC 12.1-FIPS before 12.1-55.289 | ||
| Citrix ADC 12.1-NDcPP before 12.1-55.289 |
Please keep in mind that IFS Citrix ADC has updated 13.0 sub version that is not effected by these vulnerabilities.
Thank You!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.