Citrix ADC (Netscaler) and Citrix Gateway Security Vulnerability

August 15, 2022 Zack Prichard

Citrix Security has disclosed a vulnerability in Citrix ADC (formerly NetScaler) and Citrix Gateway that lets an attacker craft a URL which, when opened by a victim, redirects them to a malicious website. Citrix and OneNeck strongly recommend that all customers running these Citrix products review this advisory and determine whether their appliances are affected.

Vulnerability Description

The vulnerability (CVE-2022-27509, CWE-345) is an unauthorized redirection to a malicious website. Two preconditions must both hold for an appliance to be exposed. First, the appliance must be configured and operating as a VPN (Gateway) or AAA virtual server. Second, the targeted victim must open an attacker-crafted link.

Affected Versions

According to Citrix, the following supported versions of Citrix ADC and Citrix Gateway are affected by this vulnerability:

  • Citrix ADC and Citrix Gateway 13.1 before 13.1-24.38
  • Citrix ADC and Citrix Gateway 13.0 before 13.0-86.17
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-65.15
  • Citrix ADC 12.1-FIPS before 12.1-55.282
  • Citrix ADC 12.1-NDcPP before 12.1-55.282

Note that organizations using Citrix-managed cloud services are not affected by this vulnerability and do not need to take any action. Those with customer-managed ADC and Gateway appliances, however, should take the following steps.

The Solution

Citrix recommends that customers running an affected build install the relevant updated version of Citrix ADC or Citrix Gateway.

Updated Versions:

  • Citrix ADC and Citrix Gateway 13.1-24.38 and later releases
  • Citrix ADC and Citrix Gateway 13.0-86.17 and later releases of 13.0
  • Citrix ADC and Citrix Gateway 12.1-65.15 and later releases of 12.1
  • Citrix ADC 12.1-FIPS 12.1-55.282 and later releases of 12.1-FIPS
  • Citrix ADC 12.1-NDcPP 12.1-55.282 and later releases of 12.1-NDcPP
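A version-triage helper for the affected and fixed builds listed above, added here as an example and not Citrix's or OneNeck's own code. It assumes builds are compared as (major, minor) pairs within a release branch and that the operator supplies the edition (standard, FIPS or NDcPP), because the FIPS/NDcPP threshold on 12.1 is lower than the standard 12.1 threshold; the `show ns version` output line is a constructed sample.

```python
import re

# Fixed builds per (release, edition), taken from the advisory's lists above.
# A build on the same branch that sorts below its fixed build is affected.
FIXED_BUILDS = {
    ("13.1", "standard"): (24, 38),
    ("13.0", "standard"): (86, 17),
    ("12.1", "standard"): (65, 15),
    ("12.1", "FIPS"): (55, 282),
    ("12.1", "NDcPP"): (55, 282),
}

# Accepts the advisory notation "13.0-86.17" as well as the form printed by
# "show ns version", e.g. "NetScaler NS13.0: Build 86.17.nc" (constructed sample).
_VERSION_RE = re.compile(r"(?:NS)?(\d+\.\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)")


def parse_version(text):
    """Return (release, (build_major, build_minor)) from a version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised Citrix ADC/Gateway version: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def is_affected(text, edition="standard"):
    """True if the build is below the fixed build for its branch and edition,
    False if it is at or above it, None if the advisory does not cover it.
    The edition matters: 12.1-55.282 is fixed on FIPS/NDcPP but not on standard 12.1."""
    release, build = parse_version(text)
    fixed = FIXED_BUILDS.get((release, edition))
    if fixed is None:
        return None
    return build < fixed


def triage(inventory):
    """Map each (hostname, version, edition) in an inventory to affected/patched/unknown."""
    labels = {True: "affected", False: "patched", None: "not covered by advisory"}
    return {host: labels[is_affected(ver, ed)] for host, ver, ed in inventory}


if __name__ == "__main__":
    # Constructed sample inventory, not real appliances.
    sample = [
        ("gw-01", "NetScaler NS13.0: Build 85.15.nc", "standard"),
        ("gw-02", "13.1-24.38", "standard"),
        ("gw-fips", "12.1-55.282", "FIPS"),
    ]
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```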

OneNeck Can Help!

Given the harm this vulnerability could cause an organization, OneNeck recommends installing the updated versions immediately, and our experienced team is here to help. Through our long-standing partnership with Citrix, we will quickly assess your Citrix appliances and determine which units are affected. We will install all necessary updates so that you can get back to doing what you do best, knowing that you and your clients are protected. Please contact us or your account rep today and let us help you continue to run efficiently, effectively and securely.

This post Citrix ADC (Netscaler) and Citrix Gateway Security Vulnerability first appeared on OneNeck.
