Thousands of Citrix ADC and Gateway deployments remain vulnerable to two critical-severity security issues that the vendor fixed in recent months.
The first flaw is CVE-2022-27510, fixed on November 8. It’s an authentication bypass that affects both Citrix products. An attacker could exploit it to gain unauthorized access to the device, perform remote desktop takeover, or bypass the login brute-force protection.
The second bug is tracked as CVE-2022-27518, disclosed and patched on December 13. It allows unauthenticated attackers to perform remote command execution on vulnerable devices and take control of them.
Threat actors had already been exploiting CVE-2022-27518 when Citrix published a security update to fix it.
Today, researchers at NCC Group’s Fox IT team report that while most public-facing Citrix endpoints have been updated to a safe version, thousands remain vulnerable to attacks.
Fox IT analysts scanned the web on November 11, 2022, and found a total of 28,000 Citrix servers online.