9.8

CVE-2022-27518

Warning

Unauthenticated remote arbitrary code execution

Data provided by the National Vulnerability Database (NVD)

Affected products:
Citrix Application Delivery Controller Firmware (SwEdition: fips), Version >= 12.1 < 12.1-55.291
Citrix Application Delivery Controller Firmware (SwEdition: ndcpp), Version >= 12.1 < 12.1-55.291
Citrix Application Delivery Controller Firmware, Version >= 12.1 < 12.1-65.25
Citrix Application Delivery Controller Firmware, Version >= 13.0 < 13.0-58.32
Citrix Gateway Firmware, Version >= 12.1 < 12.1-65.25
    Citrix Gateway, Version: -
Citrix Gateway Firmware, Version >= 13.0 < 13.0-58.32
    Citrix Gateway, Version: -

13.12.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability

Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability

Description

Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator.

Required Action

Apply updates per vendor instructions.

EPSS Metrics

Type   Source     Score    Percentile
EPSS   FIRST.org  12.37%   0.936

CVSS Metrics

Source             Base Score  Exploit Score  Impact Score  Vector String
nvd@nist.gov       9.8         3.9            5.9           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
secure@citrix.com  9.8         3.9            5.9           CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-664 Improper Control of a Resource Through its Lifetime

The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.