Citrix is asking its customers to deploy the security updates for a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway, released alongside fixes for two lower-severity flaws.
Together, the vulnerabilities can enable attackers to gain unauthorized access to the device, perform a remote desktop takeover, or bypass the login brute-force protection.
As per the Citrix security bulletin: “The only appliances that are operating as a Gateway (appliances using the SSL VPN functionality or deployed as an ICA proxy with authentication enabled) are affected by the first issue, which is rated as a Critical severity vulnerability.”
Citrix Gateway is an SSL VPN service providing secure remote access with identity and access management capabilities, widely deployed in the cloud or on on-premise company servers.
Citrix ADC is a load-balancing solution for cloud applications deployed in the enterprise, ensuring uninterrupted availability and optimal performance.
The following vulnerabilities were disclosed as part of the Citrix advisory:
- CVE-2022-27516: Failure of the login brute-force protection mechanism, allowing it to be bypassed. This vulnerability can only be exploited if the appliance is configured as a VPN (Gateway) or AAA virtual server with the “Max Login Attempts” configuration.
- CVE-2022-27513: Insufficient verification of data authenticity, allowing remote desktop takeover via phishing. The flaw is exploitable only if the appliance is configured as a VPN (Gateway) and the RDP proxy functionality is configured.
- CVE-2022-27510: Critical-severity authentication bypass using an alternate path or channel, exploitable only if the appliance is configured as a VPN (Gateway).
Citrix warns that “Affected customers of Citrix ADC and Citrix Gateway are recommended to install the relevant updated versions of Citrix ADC or Citrix Gateway as soon as possible.”
The following Citrix versions are affected by the above vulnerabilities:
- Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47
- Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12
- Citrix ADC and Citrix Gateway 12.1 before 12.1-65.21
- Citrix ADC 12.1-FIPS before 12.1-55.289
- Citrix ADC 12.1-NDcPP before 12.1-55.289
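A quick way to screen an appliance inventory against the fixed builds listed above, as an added example that is not part of the advisory or of any Citrix tooling. The version strings follow the `branch-major.minor` format Citrix uses (e.g. `13.1-33.47`); the hostnames and builds in the sample inventory are constructed for illustration. A match here only means the build predates the fix; whether the appliance is actually exposed still depends on the Gateway, AAA or RDP proxy configuration described above.

```python
import re

# Fixed builds from the advisory list above. A build older than the listed one
# on the same branch is affected. Branches that are not listed (12.0 and
# earlier) fall outside the advisory and return "not affected" here.
FIXED_BUILDS = {
    "13.1": (33, 47),
    "13.0": (88, 12),
    "12.1": (65, 21),
    "12.1-FIPS": (55, 289),
    "12.1-NDcPP": (55, 289),
}

_VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def parse_build(version: str):
    """Split '13.1-33.47' into ('13.1', 33, 47); raise ValueError on bad input."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Citrix ADC/Gateway version: {version!r}")
    return m.group(1), int(m.group(2)), int(m.group(3))


def is_affected(version: str, edition: str = "") -> bool:
    """True if the build predates the fixed build on its branch.

    edition is '' for standard images, or 'FIPS' / 'NDcPP' for those images.
    Tuple comparison orders by major build first, then minor build.
    """
    branch, major, minor = parse_build(version)
    key = f"{branch}-{edition}" if edition else branch
    fixed = FIXED_BUILDS.get(key)
    if fixed is None:
        return False
    return (major, minor) < fixed


# Constructed sample inventory: (hostname, version, edition). Not real hosts.
SAMPLE_INVENTORY = [
    ("gw-edge-01", "13.1-30.52", ""),
    ("gw-edge-02", "13.1-33.47", ""),
    ("adc-core-01", "13.0-85.19", ""),
    ("adc-fips-01", "12.1-55.265", "FIPS"),
    ("adc-legacy-01", "12.0-63.21", ""),
]


def affected_hosts(inventory):
    """Return the hostnames whose build is older than the fixed build."""
    return [host for host, ver, ed in inventory if is_affected(ver, ed)]


if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: update required")
```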
Customers who rely on Citrix for cloud-based management services don’t need to take any action, as the vendor has already applied the security updates.
Customers running Citrix versions earlier than 12.1 do not need to take any action for these vulnerabilities.