Thousands of Citrix ADC and Gateway instances could still be compromised by exploiting critical security vulnerabilities that have already been patched by Citrix, reports BleepingComputer.
More than 1,000 servers are vulnerable to CVE-2022-27510, an authentication bypass bug that could be leveraged to facilitate unauthorized device access, remote desktop takeovers, and login brute force protection bypass, which has been addressed by Citrix on Nov. 8, according to a report from NCC Group's Fox IT team. Meanwhile, some 3,500 systems are susceptible to exploits targeting CVE-2022-27518, which enables remote command execution and has been fixed on Dec. 13. Nearly 3,000 endpoints are estimated to be impacted by both vulnerabilities, researchers said. The report also showed that the U.S., Canada, Germany, Switzerland, and Australia were quick to remediate the vulnerabilities upon the release of security advisories. Researchers noted that the findings should prompt Citrix administrators with vulnerable instances to immediately apply the available fixes.
Vulnerability Management, Network Security
Patched critical vulnerabilities still not addressed in many Citrix servers
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds