Citrix urges admins to patch these dangerous flaws immediately
Three high-severity flaws discovered across two Citrix products
Citrix has released a fix for three high-severity vulnerabilities discovered in two of its popular products, and is now urging users to apply the patch immediately.
The company has fixed three flaws found in Citrix ADC and Citrix Gateway. ADC is a load-balancing solution for cloud applications, apparently used by many enterprises to ensure uninterrupted availability and high performance.
Gateway, on the other hand, is an SSL VPN service that enables secure remote access with identity and access management features, and the affected functionality has been “widely deployed” in the cloud or on-prem company servers.
Abusable under specific circumstances
The flaws in question are tracked as CVE-2022-27510, CVE-2022-27513, and CVE-2022-25716. The former allows threat actors to bypass authentication measures using alternate paths and channels. To abuse the flaw, Gateway needs to be configured as VPN.
The second vulnerability is an insufficient data authenticity verification flaw, which allows threat actors to take over a desktop endpoint remotely, via phishing. For this flaw, Gateway needs to be configured as VPN, with RDP proxy functionality configured, as well.
The final flaw allows cybercriminals to bypass login brute force protection mechanisms. For the vulnerability to be used, the appliance needs to be configured as VPN, or AAA virtual server with “Max Login Attempts” configuration.
“Note that only appliances that are operating as a Gateway (appliances using the SSL VPN functionality or deployed as an ICA proxy with authentication enabled) are affected by the first issue, which is rated as a Critical severity vulnerability,” Citrix explained.
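As an added triage aid, not from the article or from Citrix, the following Python checker reads an ns.conf-style configuration and maps the three configuration conditions described above to the CVE identifiers the article lists. The command forms it matches (add vpn vserver, add authentication vserver with -maxLoginAttempts, add rdp clientprofile/serverprofile) are assumed from the Citrix ADC CLI, the sample configuration is constructed, and the ICA-proxy case Citrix mentions is not detected.

```python
import re

# Constructed sample ns.conf excerpt for illustration only; it is not a dump
# from any real appliance. Command syntax is an assumption about the ADC CLI.
SAMPLE_NS_CONF = """\
add vpn vserver gw_vpn SSL 10.0.0.10 443
add authentication vserver aaa_vs SSL 10.0.0.11 443 -maxLoginAttempts 5
add rdp clientprofile rdp_cp
add rdp serverprofile rdp_sp -psk placeholder_psk
"""


def parse_exposure(conf: str) -> dict:
    """Map the configuration conditions quoted in the article to the CVEs.

    Returns a dict keyed by CVE id (as listed in the article) whose value is
    True when the config contains the precondition that makes it reachable.
    """
    has_vpn = False            # Gateway configured as VPN (vpn vserver present)
    has_rdp_proxy = False      # RDP proxy functionality configured
    aaa_with_max_login = False # AAA vserver with "Max Login Attempts" set
    for raw in conf.splitlines():
        line = raw.strip()
        if re.match(r"add vpn vserver\b", line):
            has_vpn = True
        elif re.match(r"add rdp (clientprofile|serverprofile)\b", line):
            has_rdp_proxy = True
        elif re.match(r"add authentication vserver\b", line) and "-maxLoginAttempts" in line:
            aaa_with_max_login = True
    return {
        # Auth bypass: reachable when Gateway operates as VPN
        "CVE-2022-27510": has_vpn,
        # Remote desktop takeover: needs VPN plus RDP proxy
        "CVE-2022-27513": has_vpn and has_rdp_proxy,
        # Brute-force protection bypass: VPN, or AAA vserver with Max Login Attempts
        "CVE-2022-25716": has_vpn or aaa_with_max_login,
    }


if __name__ == "__main__":
    for cve, exposed in parse_exposure(SAMPLE_NS_CONF).items():
        print(f"{cve}: {'precondition present' if exposed else 'not applicable'}")
```

A result of "precondition present" only means the configuration matches the advisory's condition; whether the build is actually vulnerable still depends on the installed version.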
“Affected customers of Citrix ADC and Citrix Gateway are recommended to install the relevant updated versions of Citrix ADC or Citrix Gateway as soon as possible,” the company further added.
Here is the list of the affected software and its versions:
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.