CVE-2022-27510, the first flaw, was resolved on November 8. It is an authentication bypass that affects both Citrix products. An attacker could exploit it to circumvent the login brute-force protection, perform remote desktop takeover, or obtain unauthorised access to the device.
On December 13, the second flaw was discovered and patched under the identifier CVE-2022-27518. It enables remote command execution on vulnerable devices and remote takeover by unauthenticated attackers.