Citrix Products Remote Code Execution Vulnerability
RISK: Extremely High Risk
TYPE: Servers - Other Servers
A vulnerability was identified in Citrix Products. A remote attacker could exploit a vulnerability to trigger remote code execution on the targeted system.
CVE-2022-27518 is being exploited in the wild. If exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance.
- Remote Code Execution
System / Technologies affected
Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32
Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25
Citrix ADC 12.1-FIPS before 12.1-55.291
Citrix ADC 12.1-NDcPP before 12.1-55.291
Please refer to the link below for detail:
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
Citrix ADC and Citrix Gateway 13.0-58.32 and later releases
Citrix ADC and Citrix Gateway 12.1-65.25 and later releases of 12.1
Citrix ADC 12.1-FIPS 12.1-55.291 and later releases of 12.1-FIPS
Citrix ADC 12.1-NDcPP 12.1-55.291 and later releases of 12.1-NDcPP
Please note that Citrix ADC and Citrix Gateway versions prior to 12.1 are EOL and customers on those versions are recommended to upgrade to one of the supported versions.