Skip to Content

Thousands of Citrix Servers and Devices Remain Unpatched and Vulnerable to Critical Flaws

By: Author Alex Lim

Posted on Last updated:

Home > Thousands of Citrix Servers and Devices Remain Unpatched and Vulnerable to Critical Flaws

Updated on 2022-12-29

Thousands of Citrix servers still remain vulnerable to attacks due to two critical security flaws that received patches in recent months. The flaws can be abused to perform remote command execution.

Updated on 2022-12-28: Thousands of Citrix Servers Remain Unpatched

Within the past two months, Citrix has released updates to address two critical flaws: unauthorized access to gateway user capabilities (CVE-2022-27510) and unauthenticated remote arbitrary code execution (CVE-2022-27518). Despite the fact that Citrix released fixes for the flaws on November 8 (CVE-2022-27510) and December 13 (CVE-2022-27518), thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain unpatched.

Update adoption for CVE-2022-27510 and CVE-2022-27518 as of December 28th 2022.

Top 20 Citrix ADC/Gateway versions on the Internet as of December 28th 2022.

Note

  • The headline should probably read “Thousands of Citrix Servers are Compromised”. If your system is still not patched: Assume it to be compromised.
  • Remember when you were certain nobody knew your stuff was not updated because “reasons?” Those days are gone, services like Shodan and Censys are really good at discovery and providing that information. Keep anything directly accessible to the Internet, including boundary protection and remote access services, at the top of your update and monitor list. If you’re not patching because you can’t get the downtime, you may want to recall that the cost of a single breach (CISA puts that at USD 10.1M for 2022) is likely more than the cost of implementing high-availability or the productivity hit for those few outages needed to stay current.

Overview: Citrix exposure

Fox-IT researchers said they found thousands of Citrix ADC and Gateway devices that are currently available online and vulnerable to CVE-2022-27518, a zero-day vulnerability that was exploited in the wild by Chinese state-sponsored hackers earlier this month. Read more:

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.