
CVE-2022-27511 - Critical Vulnerability in Citrix Application Delivery Management

On Tuesday, June 14, 2022, Citrix released patches for multiple vulnerabilities, including CVE-2022-27511, an unauthenticated remote privilege escalation vulnerability affecting Citrix Application Delivery Management (ADM). The vulnerability allows an unauthenticated user to remotely corrupt an affected system so that the administrator password is reset at the next device reboot.

Successful exploitation allows a threat actor to gain initial access using the default credentials via SSH after a device reboot.

We have not observed a proof-of-concept (PoC) exploit published for this vulnerability; however, we assess that threat actors will focus their research efforts on developing a working exploit in the near term, in order to gain initial access to critical environments running vulnerable versions of Citrix ADM.

Impacted Products

Product: Citrix Application Delivery Management (ADM)

Affected Versions:

  • 13.1 before 13.1-21.53
  • 13.0 before 13.0-85.19

Fixed Versions:

  • 13.1-21.53 and later
  • 13.0-85.19 and later
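
The following is an added example, not part of the original advisory or any Citrix tooling: a small Python check that classifies ADM version strings from an asset inventory against the fixed builds listed above. It assumes versions are recorded in the same release-build form the list uses (for example 13.1-21.53); the hostnames and sample versions are constructed.

```python
import re

# Fixed builds per release branch, taken from the advisory's version list.
FIXED_BUILDS = {
    (13, 1): (21, 53),
    (13, 0): (85, 19),
}

# Assumed format: <major>.<minor>-<build>.<sub>, as written in the advisory.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)-(\d+)\.(\d+)\s*$")


def classify(version: str) -> str:
    """Return 'vulnerable', 'fixed', 'unlisted' or 'unparseable'."""
    m = _VERSION_RE.match(version)
    if not m:
        return "unparseable"
    major, minor, build, sub = map(int, m.groups())
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        # Branch is not covered by the advisory: flag for manual review.
        return "unlisted"
    # Compare as integers: a string compare would rank "9.60" above "85.19".
    return "fixed" if (build, sub) >= fixed else "vulnerable"


def triage(inventory: dict) -> dict:
    """Group hostnames by status; anything not 'fixed' needs follow-up."""
    report = {}
    for host, version in inventory.items():
        report.setdefault(classify(version), []).append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "adm-prod-01": "13.1-21.53",
    "adm-prod-02": "13.1-4.43",
    "adm-dr-01": "13.0-85.19",
    "adm-lab-01": "13.0-9.60",
    "adm-old-01": "12.1-63.22",
    "adm-new-01": "unknown",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:12} {', '.join(sorted(hosts))}")
```

Hosts reported as unlisted or unparseable are not confirmed safe and should be checked by hand.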

Recommendations

Recommendation #1: Apply the Available Updates or Upgrade to a Fixed Version of Citrix ADM

Our primary recommendation is to apply the patch provided by Citrix for this vulnerability as soon as possible against all affected systems.

Note: Arctic Wolf recommends following change management best practices for testing the workaround in a dev environment before deploying to production systems.

Patch information for the affected systems can be found here.

About the Author

Sule Tatar is a Product Marketing Manager at Arctic Wolf, where she does research on security trends and brings groundbreaking cybersecurity products and services to market. She has extensive experience in the B2B cybersecurity space and holds a bachelor's degree in computer engineering and an MBA.
