CVE-2022-27518
Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability
CVSS
—
No CVSS
EPSS
6.9%
p93
KEV
YES
Dec 13, 2022
Exploit Today
78
0-100
Published: — · Last modified: —
Product
Citrix / Application Delivery Controller (ADC) and Gateway
Vulnerability
Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability
Added to KEV
Dec 13, 2022
Remediate by
Jan 3, 2023
Known ransomware use
No
Summary description
Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator.
Required action
Apply updates per vendor instructions.
Notes
https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/; https://nvd.nist.gov/vuln/detail/CVE-2022-27518
No related CVEs by CWE or product.