JPCERT-AT-2022-0033
JPCERT/CC
2022-12-14
I. Overview
On December 13, 2022 (local time), Citrix released information regarding a vulnerability (CVE-2022-27518) in Citrix Application Delivery Controller (Citrix ADC) and Citrix Gateway. An unauthenticated, remote attacker exploiting the vulnerability may execute arbitrary code.
Citrix
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518
https://support.citrix.com/article/CTX474995/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227518
Citrix is aware of a small number of targeted attacks in the wild using this vulnerability. Users of the affected products are advised to take actions such as applying updates, following the information provided by Citrix or other parties.
II. Affected Products
The following products and versions are affected by this vulnerability.
- Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32
- Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25
- Citrix ADC 12.1-FIPS before 12.1-55.291
- Citrix ADC 12.1-NDcPP before 12.1-55.291
The products are affected by the vulnerability if Citrix ADC or Citrix Gateway is configured as a SAML SP or a SAML IdP. Users can check the configuration file to determine whether their Citrix ADC or Citrix Gateway is configured as a SAML SP or a SAML IdP.
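The two conditions above (build earlier than the fixed build, and a SAML SP or SAML IdP role in the configuration) can be checked together. The following is an added example, not code from JPCERT/CC or Citrix. It assumes the configuration file is ns.conf and that the roles appear there as `add authentication samlAction` (SP) and `add authentication samlIdPProfile` (IdP); the function names, result labels and sample configuration are constructed for illustration.

```python
import re

# First fixed build per (edition, branch), taken from the version list above.
FIXED = {
    ("standard", "13.0"): (13, 0, 58, 32),
    ("standard", "12.1"): (12, 1, 65, 25),
    ("FIPS", "12.1"): (12, 1, 55, 291),
    ("NDcPP", "12.1"): (12, 1, 55, 291),
}

# Assumption: SAML SP / IdP roles appear in ns.conf as these two commands.
SAML_CMD = re.compile(
    r"^[ \t]*add\s+authentication\s+(samlAction|samlIdPProfile)\b",
    re.IGNORECASE | re.MULTILINE,
)

def parse_build(build):
    """Turn '12.1-65.25' into (12, 1, 65, 25) so builds compare numerically."""
    m = re.fullmatch(r"(\d+)\.(\d+)-(\d+)\.(\d+)", build.strip())
    if m is None:
        raise ValueError(f"unrecognised build string: {build!r}")
    return tuple(int(part) for part in m.groups())

def saml_roles(ns_conf_text):
    """Return the SAML roles configured; commented-out lines do not match."""
    roles = set()
    for m in SAML_CMD.finditer(ns_conf_text):
        roles.add("SP" if m.group(1).lower() == "samlaction" else "IdP")
    return roles

def assess(build, edition, ns_conf_text):
    """Classify one appliance: edition is 'standard', 'FIPS' or 'NDcPP'."""
    version = parse_build(build)
    fixed = FIXED.get((edition, f"{version[0]}.{version[1]}"))
    if fixed is None:
        return "branch-not-listed"      # the advisory names no fix for it
    if version >= fixed:
        return "fixed"
    return "affected" if saml_roles(ns_conf_text) else "unpatched-no-saml"

# Constructed sample configuration (parameters omitted), not from a real device.
SAMPLE_NS_CONF = """\
add authentication ldapAction ldap_example
# add authentication samlIdPProfile old_idp
add authentication samlAction sp_example
"""

if __name__ == "__main__":
    for build, edition in [("13.0-58.30", "standard"), ("12.1-65.25", "standard"),
                           ("12.1-55.290", "FIPS")]:
        print(build, edition, assess(build, edition, SAMPLE_NS_CONF))
```

The edition has to be supplied by the operator: build 12.1-55.291 is the fixed build for 12.1-FIPS and 12.1-NDcPP but is still earlier than 12.1-65.25 on the standard 12.1 branch.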
III. Solution
Citrix has released versions that address the vulnerability. Please consider updating to one of the following versions, referring to the information provided by Citrix.
- Citrix ADC and Citrix Gateway 13.0-58.32 and later releases
- Citrix ADC and Citrix Gateway 12.1-65.25 and later releases of 12.1
- Citrix ADC 12.1-FIPS 12.1-55.291 and later releases of 12.1-FIPS
- Citrix ADC 12.1-NDcPP 12.1-55.291 and later releases of 12.1-NDcPP
IV. Related information
On December 13, 2022 (local time), the US National Security Agency (NSA) released guidance on this vulnerability. NSA has confirmed attack activities that exploit this vulnerability, and provides steps to look for possible artifacts of this type of activity.
National Security Agency (NSA)
APT5: Citrix ADC Threat Hunting Guidance
https://media.defense.gov/2022/Dec/13/2003131586/-1/-1/0/CSA-APT5-CITRIXADC-V1.PDF
V. References
Citrix
Critical security update now available for Citrix ADC, Citrix Gateway
https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/