Citrix urges administrators to apply security updates for a zero-day vulnerability, tracked as CVE-2022-27518, in Citrix ADC and Gateway. The vulnerability is actively exploited by China-linked threat actors to gain access to target networks.
“We are aware of a small number of targeted attacks in the wild using this vulnerability.” reads a blog post published by the technology giant.
An unauthenticated, remote attacker can trigger the vulnerability to gain arbitrary code execution on the vulnerable appliance.
“A vulnerability has been discovered in Citrix Gateway and Citrix ADC, listed below, that, if exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance.” reads the advisory published by the company. “Exploits of this issue on unmitigated appliances in the wild have been reported. The company strongly urges affected customers of Citrix ADC and Citrix Gateway to install the relevant updated versions of Citrix ADC or Gateway as soon as possible.”
According to the company, the vulnerability affects Citrix ADC and Citrix Gateway 13.0 builds before 13.0-58.32 and 12.1 builds before 12.1-65.25 (the 12.1-FIPS and 12.1-NDcPP lines before 12.1-55.291). Citrix ADC and Citrix Gateway 13.1 is unaffected.
The flaw is only reachable on appliances configured as a SAML SP or a SAML IdP, so the company urges customers running an affected build with either SAML role to install the recommended versions immediately.
The advisory points out that there are no workarounds for this vulnerability.
Administrators can determine whether an appliance is configured as a SAML SP or IdP by inspecting the “ns.conf” file for the two SAML commands listed in the advisory: the one that adds a SAML authentication action (SP role) and the one that adds a SAML IdP profile (IdP role).
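The two checks above, the SAML role lookup in ns.conf and the build comparison against the fixed releases, as an added POSIX shell example that is not part of the article or of Citrix's own tooling. The command names (`add authentication samlAction` for a SAML SP, `add authentication samlIdPProfile` for a SAML IdP) and the fixed builds (13.0-58.32, 12.1-65.25, and 12.1-55.291 for the FIPS/NDcPP lines) are taken from Citrix advisory CTX474995; the ns.conf fragment, object names and addresses are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the article or from Citrix): triage one ADC/Gateway
# appliance for CVE-2022-27518 exposure from two inputs an admin already has,
# the running ns.conf and the firmware release/build from "show version".
# SAML commands and fixed builds follow Citrix advisory CTX474995.

# saml_role FILE -> prints none | sp | idp | both
# Citrix states the bug is reachable only when the appliance acts as a SAML SP
# (add authentication samlAction) or a SAML IdP (add authentication samlIdPProfile).
saml_role() {
    sp=0; idp=0
    grep -q '^add authentication samlAction ' "$1" && sp=1
    grep -q '^add authentication samlIdPProfile ' "$1" && idp=1
    case "$sp$idp" in
        00) echo none ;;
        10) echo sp ;;
        01) echo idp ;;
        11) echo both ;;
    esac
}

# affected_build RELEASE BUILD -> exit 0 if BUILD predates the fixed build for
# that release line, 1 otherwise. 13.1 and later lines are unaffected.
# BUILD may carry the trailing ".nc" that "show version" prints (e.g. 58.15.nc).
affected_build() {
    release="$1"; build="${2%.nc}"
    bmaj="${build%%.*}"; bmin="${build#*.}"
    case "$release" in
        13.0) fixed=58.32 ;;
        12.1)
            # 12.1-FIPS and 12.1-NDcPP ship in the 55.x build series and were
            # fixed in 12.1-55.291; the regular 12.1 line was fixed in 12.1-65.25.
            if [ "$bmaj" -eq 55 ]; then fixed=55.291; else fixed=65.25; fi ;;
        *) return 1 ;;
    esac
    fmaj="${fixed%%.*}"; fmin="${fixed#*.}"
    [ "$bmaj" -lt "$fmaj" ] && return 0
    [ "$bmaj" -eq "$fmaj" ] && [ "$bmin" -lt "$fmin" ] && return 0
    return 1
}

# triage FILE RELEASE BUILD -> prints a one-line verdict combining both checks.
# There is no workaround for this CVE, so an exposed appliance must be patched.
triage() {
    role=$(saml_role "$1")
    if affected_build "$2" "$3"; then
        if [ "$role" = none ]; then
            echo "build $2-$3 predates the fix but no SAML SP/IdP role is configured: CVE-2022-27518 not reachable, update anyway"
        else
            echo "EXPOSED: SAML role=$role on $2 build $3, install the fixed build now (no workaround)"
        fi
    else
        echo "build $2-$3 is not affected by CVE-2022-27518"
    fi
}

# Constructed ns.conf fragment for the demo (not a real appliance dump).
conf=$(mktemp)
cat > "$conf" <<'EOF'
set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
add authentication samlAction okta_sp -samlIdPCertName okta_cert -samlRedirectUrl "https://idp.example.test/sso"
add vpn vserver gw1 SSL 192.0.2.11 443
EOF
triage "$conf" 13.0 58.15.nc
triage "$conf" 13.1 33.47.nc
rm -f "$conf"
```

Run it against a copy of `/nsconfig/ns.conf` pulled from the appliance together with the release and build from `show version`; a `none` role with an old build is still a reason to update, since the SAML commands can be added later without anyone re-running the check.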
The National Security Agency (NSA) has also released a Cybersecurity Advisory (CSA) with detection and mitigation guidance for tools leveraged by a malicious actor against ADC and Gateway.
According to the intelligence agency, China-linked APT5 hackers (aka UNC2630 and MANGANESE) demonstrated capabilities against Application Delivery Controller (ADC) deployments.
“As such, NSA, in collaboration with partners, has developed this threat hunting guidance to provide steps organizations can take to look for possible artifacts of this type of activity. Please note that this guidance does not represent all techniques, tactics, or procedures (TTPs) the actors may use when targeting these environments.” reads the NSA’s advisory. “This activity has been attributed to APT5, also known as UNC2630 and MANGANESE.”