Category | Vulnerability Class | CVE ID | CVSS:3.0 Score |
---|---|---|---|
Vulnerability Intelligence | Remote Code Execution | CVE-2022-27518 | 9.8 |
THREAT | IMPACT | MITIGATION |
---|---|---|
Threat actors can exploit the vulnerabilities to | | Update to the latest versions: |
CVE-2022-27518 is a critical vulnerability, with a CVSS:3.0 score of 9.8, affecting Citrix ADC and Citrix Gateway. It was disclosed by Citrix on 13 December 2022 and allows an unauthenticated remote attacker to execute arbitrary code on a vulnerable appliance.
Citrix and the NSA report having observed exploitation attempts in the wild, which have been attributed to APT5. Several other cyber criminals have also shown interest in buying exploits for the vulnerability.
As of now, there is no publicly available exploit. However, this is expected to change as soon as a viable exploit is created and shared publicly.
The following table lists the Citrix products and their versions affected by this vulnerability.
SNo. | Product Name | Affected Versions | Updated versions |
---|---|---|---|
1. | Citrix ADC and Citrix Gateway | 13.0 before 13.0-58.32 | 13.0-58.32 and later releases of 13.0 |
2. | Citrix ADC and Citrix Gateway | 12.1 before 12.1-65.25 | 12.1-65.25 and later releases of 12.1 |
3. | Citrix ADC 12.1-FIPS | before 12.1-55.291 | 12.1-55.291 and later releases of 12.1-FIPS |
4. | Citrix ADC 12.1-NDcPP | before 12.1-55.291 | 12.1-55.291 and later releases of 12.1-NDcPP |
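The table above defines the affected ranges per product branch. Two things trip up naive checks: Citrix build strings such as `13.0-58.32` must be compared numerically (a plain string comparison puts `12.1-9.1` after `12.1-65.25`), and the FIPS/NDcPP branches carry a different fixed build (`12.1-55.291`) from mainline 12.1 (`12.1-65.25`), so the product name matters as much as the version. The following Python is an added example, not code from the advisory or from Citrix; the product labels and version strings are transcribed from the table, and the sample versions used in the comments are constructed for illustration.

```python
import re
from typing import Optional, Tuple

# First fixed build per (product, branch), transcribed from the advisory
# table for CVE-2022-27518. Branches not listed here (for example 13.1)
# are not covered by the table, and the checker reports them as unknown.
FIXED_BUILDS = {
    ("Citrix ADC and Citrix Gateway", "13.0"): "13.0-58.32",
    ("Citrix ADC and Citrix Gateway", "12.1"): "12.1-65.25",
    ("Citrix ADC 12.1-FIPS", "12.1"): "12.1-55.291",
    ("Citrix ADC 12.1-NDcPP", "12.1"): "12.1-55.291",
}

# Citrix build strings look like MAJOR.MINOR-BUILD.SUBBUILD, e.g. 13.0-58.32
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '13.0-58.32' into (13, 0, 58, 32) so tuples compare numerically."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Citrix version string: {version!r}")
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]


def branch_of(version: str) -> str:
    """Return the release branch ('13.0', '12.1') a build string belongs to."""
    major, minor, _, _ = parse_version(version)
    return f"{major}.{minor}"


def is_affected(product: str, version: str) -> Optional[bool]:
    """True  -> version is below the first fixed build for that product/branch
    False -> version is at or above the fixed build
    None  -> the product/branch pair is not listed in the advisory table."""
    fixed = FIXED_BUILDS.get((product, branch_of(version)))
    if fixed is None:
        return None
    return parse_version(version) < parse_version(fixed)


if __name__ == "__main__":
    # Constructed inventory entries for illustration only.
    inventory = [
        ("Citrix ADC and Citrix Gateway", "13.0-58.31"),   # one build short of the fix
        ("Citrix ADC and Citrix Gateway", "12.1-9.1"),     # numerically old, lexically "new"
        ("Citrix ADC 12.1-FIPS", "12.1-55.291"),            # fixed on the FIPS branch
        ("Citrix ADC and Citrix Gateway", "12.1-55.291"),  # same number, mainline: still affected
    ]
    for product, version in inventory:
        print(f"{product:32} {version:12} affected={is_affected(product, version)}")
```

The last two inventory entries show why the product label is part of the key: build `12.1-55.291` is the fixed release for 12.1-FIPS and 12.1-NDcPP, but on mainline 12.1 it is below `12.1-65.25` and therefore still inside the affected range.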
The NSA has issued an advisory warning about a critical vulnerability affecting Citrix ADC and Citrix Gateway. According to the NSA and Citrix, APT5, a Chinese state-backed threat actor known to target telecommunications and technology companies, is actively exploiting this vulnerability.
Shodan searches suggest that Citrix Gateway is used by a large number of organizations worldwide.
Based on the results from VirusTotal, the following are the IOCs for APT5.
Hashes (SHA-256) |
---|
ed0c77d57643f07a19430c5671a21c0c77cd7439ac2cd912887f141c6fe41d4a |
074c472406e38385fe769fbaaa72c7259247f42ef1b9140f31228afc66afbc67 |
0f5b183bbf24a075450be4d603de2a02d7cc0e2eef9942c540ae1503b0c38b1d |

Names | |
---|---|
vti-rescan | x.exe |
mgc.exe | netmgr.exe |

Hostname |
---|
tsl.gettrials.com |
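A defender's first use of the indicators above is to sweep existing telemetry (EDR file events, DNS logs, proxy logs) for them. The following Python is an added example, not code from the advisory or from any vendor: it extracts SHA-256 values, hostnames and file names from free-form log lines and matches them against the hashes, names and hostname listed above. The log lines in `SAMPLE_LOG` are constructed for illustration and are not real telemetry; the only indicator values are the ones transcribed from the tables.

```python
import re
from typing import List, Tuple

# Indicators transcribed from the advisory tables above.
IOC_SHA256 = {
    "ed0c77d57643f07a19430c5671a21c0c77cd7439ac2cd912887f141c6fe41d4a",
    "074c472406e38385fe769fbaaa72c7259247f42ef1b9140f31228afc66afbc67",
    "0f5b183bbf24a075450be4d603de2a02d7cc0e2eef9942c540ae1503b0c38b1d",
}
IOC_FILENAMES = {"vti-rescan", "x.exe", "mgc.exe", "netmgr.exe"}
IOC_HOSTNAMES = {"tsl.gettrials.com"}

# 64 hex characters bounded by non-word characters: a SHA-256 digest.
_SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
# Dotted host names (labels separated by dots, alphabetic TLD). A file name
# like "x.exe" also matches this shape but is filtered by the hostname set.
_HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)
# Separators used to split a line into tokens; backslash and slash are
# included so the basename of a Windows or POSIX path becomes its own token.
_TOKEN_SPLIT_RE = re.compile(r"[\s\"',=;|\\/]+")

Hit = Tuple[str, str]  # (indicator type, matched value)


def scan_line(line: str) -> List[Hit]:
    """Return every indicator hit found in a single log line, in a fixed order:
    hashes first, then hostnames, then file names. Matching is case-insensitive."""
    hits: List[Hit] = []
    for digest in _SHA256_RE.findall(line):
        if digest.lower() in IOC_SHA256:
            hits.append(("sha256", digest.lower()))
    for host in _HOST_RE.findall(line):
        if host.lower() in IOC_HOSTNAMES:
            hits.append(("hostname", host.lower()))
    for token in _TOKEN_SPLIT_RE.split(line):
        if token.lower() in IOC_FILENAMES:
            hits.append(("filename", token.lower()))
    return hits


def scan_log(lines: List[str]) -> List[Tuple[int, Hit]]:
    """Scan many lines; return (1-based line number, hit) pairs for review."""
    return [(n, hit) for n, line in enumerate(lines, 1) for hit in scan_line(line)]


# Constructed sample lines for illustration only (not real telemetry).
SAMPLE_LOG = [
    "2022-12-14T10:02:11Z dns query=tsl.gettrials.com client=10.0.0.5",
    "2022-12-14T10:03:40Z edr file_created path=C:\\Windows\\Temp\\netmgr.exe "
    "sha256=ed0c77d57643f07a19430c5671a21c0c77cd7439ac2cd912887f141c6fe41d4a",
    "2022-12-14T10:04:02Z dns query=updates.example.com client=10.0.0.5",
    "2022-12-14T10:05:19Z edr file_created path=C:\\Program Files\\App\\app.exe "
    "sha256=0000000000000000000000000000000000000000000000000000000000000000",
]

if __name__ == "__main__":
    for lineno, (kind, value) in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {kind} match {value}")
```

Hash and hostname hits are strong signals; a bare file-name match such as `x.exe` is weak on its own and is best used to prioritise which hosts to pull the actual hash from.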