Citrix ADC and Citrix Gateway are affected by a critical authentication bypass flaw


Citrix ADC (formerly NetScaler ADC) is an application delivery and load balancing solution that delivers visibility into applications across multiple cloud environments.

The newly identified vulnerabilities, Citrix says, could be exploited to bypass authentication (CVE-2022-27510, CVSS score of 9.8), launch a phishing attack leading to remote desktop takeover (CVE-2022-27513, CVSS score of 8.3), and bypass brute force protections (CVE-2022-27516, CVSS score of 5.3).

“Appliances that are operating as a gateway (appliances using the SSL VPN functionality or deployed as an ICA proxy with authentication enabled) are affected by the first issue, which is rated as a critical severity vulnerability,” Citrix says.
