Citrix Warns of Critical Authentication Bypass Flaw in Gateway, ADC


Citrix is urging users to apply updates addressing a critical authentication bypass vulnerability in Citrix Gateway and ADC.

Flaws in Citrix’s Gateway SSL VPN solution and Citrix ADC, an application delivery controller that analyzes, distributes and secures network traffic for web applications, have historically been leveraged by threat actors in attacks. This week, Citrix said the products contain an authentication bypass flaw (CVE-2022-27510), which could give attackers unauthorized access to Citrix Gateway user capabilities. Satnam Narang, senior staff research engineer with Tenable, said that the flaw “could be exploited by an attacker as an initial access vector into a network.”

Citrix’s new security update for Gateway and ADC also addresses a flaw (CVE-2022-27513) stemming from insufficient verification of the authenticity of data that could allow attackers to remotely take over a desktop (via phishing), and a protection mechanism failure (CVE-2022-27516)…
