Home / Vulnerabilities / CVE-2022-27518
CRITICAL SEVERITY
CVE-2022-27518Citrix · Application Delivery Controller (ADC) and Gateway

Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability

Technical Severity

CVSS v3.1 Metrics

CRITICAL
9.8 / 10
Minimal Risk Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood

EPSS Prediction

27.69 %
Predictive Probability
Percentile Rank
96.4 th

Documented as more likely to be exploited than 96.4% of known CVEs.

Detection Date

Dec 13, 2022

Remediation Due

Jan 03, 2023

CISA Catalog Active

Threat Analysis

Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator.

Remediation Directive

Apply updates per vendor instructions.

External Intelligence

https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/

https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/

NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2022-27518