Citrix has warned users of its Application Delivery Management software that a security vulnerability in the product allows an attacker to reset the admin password.
ADM is a web-based management interface for various on-premises and cloud-hosted Application Delivery Controller products as well as Citrix Gateway and Citrix Secure Web Gateway.
In its advisory, Citrix explained that the vulnerability – CVE-2022-27511 – allows a remote, unauthenticated user to corrupt the system.
“The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted,” it said.
A second, less severe vulnerability was disclosed as CVE-2022-27512: an attacker can disrupt the ADM license service, preventing new licenses from being issued or existing ones from being renewed.
“All supported versions of Citrix ADM server and Citrix ADM agent are affected by this…