Best Top Reviews Online

Citrix Urges Administrators To Immediately Patch These Vulnerabilities

Three critical vulnerabilities were discovered in two Citrix products.

Citrix has released a patch for three critical vulnerabilities found in two of its most popular products and is now urging users to apply the patch immediately.

Citrix ADC and Citrix Gateway were patched for three vulnerabilities. ADC is a load-balancing solution for cloud applications that is used by a large number of businesses to ensure high availability and performance.

Gateway, on the other hand, is an SSL VPN service that enables secure remote access with identity and access management features, and it is “widely deployed” in cloud and on-premises company servers.

Abusable under specific circumstances

These vulnerabilities are identified as CVE-2022-27510, CVE-2022-27513, and CVE-2022-25716. The first enables threat actors to circumvent authentication measures by utilizing alternative paths and channels. It is exploitable only when Gateway is configured as a VPN.

The second flaw is an insufficient verification of data authenticity, which allows threat actors to remotely take control of a desktop endpoint via phishing. It applies only when Gateway is configured as a VPN and RDP proxy functionality is also configured.

The final vulnerability allows cybercriminals to circumvent brute force protection mechanisms for logins. To exploit the vulnerability, the appliance must be configured as a VPN or AAA virtual server with the “Max Login Attempts” setting enabled.

“Note that only appliances operating as a Gateway (appliances using the SSL VPN functionality or deployed as an ICA proxy with authentication enabled) are vulnerable to the first issue, which has a Critical severity rating,” explained Citrix.

“Affected customers of Citrix ADC and Citrix Gateway are advised to install the updated versions as soon as possible,” the company added.

The following is a list of affected software and their versions:

  • Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47
  • Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12
  • Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21
  • Citrix ADC 12.1-FIPS before 12.1-55.289
  • Citrix ADC 12.1-NDcPP before 12.1-55.289
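A patch-triage sketch built from the version list and per-CVE preconditions above. It is an added example, not code from Citrix or from this article: the inventory records, host names, and the field names `edition`, `roles` and `max_login_attempts` are hypothetical, and CVE identifiers are used as written on this page.

```python
import re

# Fixed builds per (release branch, edition), from the affected-versions list above.
FIXED = {
    ("13.1", "standard"): (33, 47),
    ("13.0", "standard"): (88, 12),
    ("12.1", "standard"): (65, 21),
    ("12.1", "fips"): (55, 289),
    ("12.1", "ndcpp"): (55, 289),
}

def parse_build(text):
    """Split 'BRANCH-BUILD.PATCH' (e.g. '13.0-88.12') into branch and build tuple."""
    m = re.fullmatch(r"\s*(\d+\.\d+)[-.](\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised build string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def triage(appliance):
    """Return (needs_update, exposed_cves); needs_update is None for unlisted branches."""
    branch, build = parse_build(appliance["version"])
    fixed = FIXED.get((branch, appliance.get("edition", "standard")))
    if fixed is None:
        return None, []   # branch not covered by the list on this page: check manually
    if build >= fixed:
        return False, []  # already at or past the fixed build
    roles = set(appliance.get("roles", ()))
    exposed = []
    # Preconditions per CVE, as described in the article.
    if roles & {"vpn", "ica_proxy_auth"}:
        exposed.append("CVE-2022-27510")
    if {"vpn", "rdp_proxy"} <= roles:
        exposed.append("CVE-2022-27513")
    if roles & {"vpn", "aaa"} and appliance.get("max_login_attempts"):
        exposed.append("CVE-2022-25716")
    return True, exposed

# Constructed inventory (hypothetical hosts and field names), not real data.
INVENTORY = [
    {"name": "gw-edge-1", "version": "13.0-87.9", "roles": ["vpn", "rdp_proxy"],
     "max_login_attempts": True},
    {"name": "lb-int-2", "version": "13.1-30.52", "roles": []},
    {"name": "aaa-fips-3", "version": "12.1-55.289", "edition": "fips",
     "roles": ["aaa"], "max_login_attempts": True},
]

if __name__ == "__main__":
    for a in INVENTORY:
        print(a["name"], triage(a))
```

An appliance that returns `(True, [])` still runs an affected build; it only fails the exposure preconditions described above and should be updated in the normal patch cycle.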

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

© 2022 BestTopReviewsOnline.com Pty. Ltd. All Rights Reserved.