Summary
Citrix has recently patched a critical vulnerability in its Application Delivery Management (ADM).
An anonymous user with access to the ADM platform can corrupt the installed server in such a way that, on the next reboot, the server credentials are reset to their defaults (nsrecover/nsroot). Once the exploited device has rebooted, an attacker could connect to the ADM over SSH using the default administrator credentials. A second Citrix vulnerability could allow an anonymous user to temporarily disrupt services through a denial-of-service (DoS) attack on the server.
Solution
All supported versions of Citrix ADM server and Citrix ADM agent are affected by these vulnerabilities. Citrix has urged enterprise sysadmins to upgrade to the most recent versions: Citrix ADM 13.1-21.53, Citrix ADM 13.0-85.19, or subsequent releases. Customers using the Citrix ADM service do not need to take any action, as Citrix has already applied the fix on its side.
Citrix also recommends segmenting network traffic to the ADM server.
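To turn the fixed releases named above into a patch-tracking check, the following Python snippet is added here as an example; it is not code from the advisory or from Citrix. It assumes the "major.minor-build.patch" layout of the version strings quoted in the bulletin (e.g. 13.1-21.53) and treats any branch without a listed fixed build as affected until verified with the vendor. The sample inventory in the block is constructed, not taken from real hosts.

```python
import re
from typing import Optional, Tuple

# First fixed build on each branch, as named in the bulletin
# (CVE-2022-27511 / CVE-2022-27512): 13.1-21.53 and 13.0-85.19.
FIXED_BUILDS = {
    (13, 1): (21, 53),   # Citrix ADM 13.1-21.53
    (13, 0): (85, 19),   # Citrix ADM 13.0-85.19
}

# Assumed layout of a Citrix ADM version string: MAJOR.MINOR-BUILD.PATCH
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)-(\d+)\.(\d+)\s*$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Split '13.1-21.53' into (13, 1, 21, 53); raise ValueError on anything else."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Citrix ADM version string: {text!r}")
    major, minor, build, patch = (int(g) for g in m.groups())
    return major, minor, build, patch


def is_fixed(text: str) -> Optional[bool]:
    """True  -> at or after the fixed build for its branch (patched)
       False -> earlier build on a branch that has a fix (vulnerable)
       None  -> branch not covered by the bulletin; treat as affected until verified"""
    major, minor, build, patch = parse_version(text)
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return None
    # Tuple comparison orders by build first, then patch.
    return (build, patch) >= fixed


def triage(versions):
    """Map each observed version string to a patch status label."""
    labels = {
        True: "patched",
        False: "vulnerable",
        None: "no fix listed, treat as affected",
    }
    report = {}
    for v in versions:
        try:
            report[v] = labels[is_fixed(v)]
        except ValueError:
            report[v] = "unparseable"
    return report


if __name__ == "__main__":
    # Constructed sample inventory (not real hosts or real build numbers).
    sample = [
        "13.1-21.53",   # exactly the fixed build
        "13.1-17.42",   # earlier build on a fixed branch
        "13.0-85.19",   # exactly the fixed build
        "13.0-84.11",   # earlier build on a fixed branch
        "12.1-65.25",   # branch not listed in the bulletin
        "13.1-24.38",   # later build on a fixed branch
        "garbage",      # malformed input
    ]
    for version, status in triage(sample).items():
        print(f"{version:<12} {status}")
```

Feed it the version strings collected from your ADM servers and agents; anything other than "patched" should stay on the remediation list, and the branch-not-listed case is deliberately reported rather than silently assumed safe.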
CVEs
CVE-2022-27511 & CVE-2022-27512
Related CWEs
CWE-284, CWE-664, CWE-416
Resources
- Citrix Application Delivery Management Security Bulletin for CVE-2022-27511 and CVE-2022-27512
- CERT-In Vulnerability Note
Authors: Narendra Kumawat, Mahesh Saptarshi
For more information contact: contact@cybersecurist.com