Thousands of Citrix Servers and Devices Remain Unpatched and Vulnerable to Critical Flaws

Updated on 2022-12-29

Thousands of Citrix servers remain vulnerable to attacks due to two critical security flaws that received patches in recent months. The flaws can be abused to perform remote command execution.

Updated on 2022-12-28: Thousands of Citrix Servers Remain Unpatched

Within the past two months, Citrix has released updates to address two critical flaws: unauthorized access to gateway user capabilities (CVE-2022-27510) and unauthenticated remote arbitrary code execution (CVE-2022-27518). Despite the fact that Citrix released fixes for the flaws on November 8 (CVE-2022-27510) and December 13 (CVE-2022-27518), thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain unpatched.

Update adoption for CVE-2022-27510 and CVE-2022-27518 as of December 28th 2022.

Top 20 Citrix ADC/Gateway versions on the Internet as of December 28th 2022.


  • The headline should probably read “Thousands of Citrix Servers are Compromised”. If your system is still not patched: Assume it to be compromised.
  • Remember when you were certain nobody knew your stuff was not updated because “reasons”? Those days are gone; services like Shodan and Censys are really good at discovery and providing that information. Keep anything directly accessible to the Internet, including boundary protection and remote access services, at the top of your update and monitor list. If you’re not patching because you can’t get the downtime, you may want to recall that the cost of a single breach (CISA puts that at USD 10.1M for 2022) is likely more than the cost of implementing high availability or the productivity hit for those few outages needed to stay current.

Overview: Citrix exposure

Fox-IT researchers said they found thousands of Citrix ADC and Gateway devices that are currently available online and vulnerable to CVE-2022-27518, a zero-day vulnerability that was exploited in the wild by Chinese state-sponsored hackers earlier this month.