Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities

Dec 29, 2022Ravie LakshmananServer Security / Citrix

Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months.

The issues in question are CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), which were addressed by the virtualization services provider on November 8 and December 13, 2022, respectively.

While CVE-2022-27510 relates to an authentication bypass that could be exploited to gain unauthorized access to Gateway user capabilities, CVE-2022-27518 concerns a remote code execution bug that could enable the takeover of affected systems.


Citrix and the U.S. National Security Agency (NSA), earlier this month, warned that CVE-2022-27518 is being actively exploited in the wild by threat actors, including the China-linked APT5 state-sponsored group.

Citrix Servers
Citrix Servers

Now, according to a new analysis from NCC Group’s Fox-IT research team, thousands of internet-facing Citrix servers are still unpatched, making them an attractive target for hacking crews.

This includes over 3,500 Citrix ADC and Gateway servers running version 12.1-65.21 that are susceptible to CVE-2022-27518, as well as more than 500 servers running 12.1-63.22 that are vulnerable to both flaws.

A majority of the servers, amounting to no less than 5,000, are running 13.0-88.14, a version that’s immune to CVE-2022-27510 and CVE-2022-27518.

A country-wise breakdown shows that more than 40% of servers located in Denmark, the Netherlands, Austria, Germany, France, Singapore, Australia, the U.K., and the U.S. have been updated, with China faring the worst, where only 20% of nearly 550 servers have been patched.

Fox-IT said it was able to deduce the version information from an MD5-like hash value present in the HTTP response of login URL (i.e., “ns_gui/vpn/index.html”) and mapping it to their respective versions.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Cyber Security

Articles You May Like

Experts Warn of ‘Ice Breaker’ Cyberattacks Targeting Gaming and Gambling Industry
Amazon Increases Minimum Purchase Amount on Amazon Fresh for Prime Members
Facebook Asks UK Tribunal to Block $3.7 Billion Mass Action Lawsuit Over Market Dominance
India Among Top 3 Nations Contributing Active Users Growth for Facebook: Meta
WhatsApp Banned Around 37 Lakh User Accounts in India in December 2022, Slightly Lower Than November

Leave a Reply

Your email address will not be published. Required fields are marked *