Recently, Citrix released patches for several vulnerabilities, including CVE-2022-27511 and CVE-2022-27512, authenticated remote privilege escalation vulnerabilities that affect Citrix Application Delivery Management (ADM). These vulnerabilities allow authenticated users to remotely corrupt an affected system so that the admin password is reset at the next device reboot. If you want to know how to fix CVE-2022-27511 (a security bypass vulnerability in Citrix ADM) and CVE-2022-27512, you are in the right place.
Successful exploitation of these vulnerabilities allows an attacker to gain initial access over SSH with the default credentials after a device reboot. In addition, the security bypass vulnerability in Citrix ADM can cause a temporary disruption of the ADM license service. Threat actors will focus on developing a working exploit to access critical environments running vulnerable versions of Citrix ADM, so it is necessary to fix these vulnerabilities. This article explains how to fix CVE-2022-27511, a security bypass vulnerability in Citrix ADM.
Small Introduction To Citrix ADM
Citrix Application Delivery Management (ADM) is a web-based solution for managing all Citrix deployments, including Citrix ADC MPX, Citrix ADC SDX, Citrix ADC VPX, Citrix ADC BLX, Citrix ADC CPX, and Citrix Secure Web Gateway, whether deployed on-premises or in the cloud.
You can use this cloud solution to monitor, manage, and troubleshoot your entire global application delivery infrastructure from a single, centralized cloud-based console. It provides all the capabilities needed to quickly deploy and manage application delivery in Citrix ADC deployments, with rich analytics on performance, application health, and security.
Summary Of CVE-2022-27511 & CVE-2022-27512
CVE-2022-27511 is an improper access control vulnerability in Citrix ADM. According to Citrix's advisory, a remote unauthenticated user could exploit it to reset the admin password for the platform following a reboot. Once the vulnerable device has been rebooted, the attacker could log on to the ADM with the default admin credentials, but only if they have SSH access to the device.
CVE-2022-27512 is caused by improper control of a resource through its lifetime. A remote, unauthenticated user could exploit the vulnerability to cause a temporary disruption of the ADM license service, leaving the ADM platform unable to renew its existing license.
| CVE | Description | Weakness | Prerequisite |
|---|---|---|---|
| CVE-2022-27511 | A security bypass vulnerability in Citrix ADM | CWE-284: Improper Access Control | Access to ADM IP |
| CVE-2022-27512 | A vulnerability in Citrix ADM that leads to Denial of Service attacks | CWE-664: Improper Control of a Resource Through its Lifetime | Access to ADM IP |
Citrix ADM Versions Affected By Security Bypass Vulnerability
All supported versions of the Citrix ADM agent and Citrix ADM server are affected by the security bypass vulnerability in Citrix ADM; currently, only Citrix ADM 13.1 and 13.0 are in support.
| Product | Affected Versions | Fixed Versions |
|---|---|---|
| Citrix Application Delivery Management (ADM) | 13.1 before 13.1-21.53 | 13.1-21.53 and later |
| Citrix Application Delivery Management (ADM) | 13.0 before 13.0-85.19 | 13.0-85.19 and later |
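To turn the fixed builds above into a repeatable inventory check, the following Python script (an added example, not Citrix's code or tooling) parses ADM build strings in the `RELEASE.MINOR-BUILD.SUBBUILD` form used in the advisory and reports whether each build is fixed, still vulnerable, or on an unsupported release train. The fixed-build values come from the table; the sample inventory at the bottom is constructed for illustration.

```python
"""Classify Citrix ADM build strings against the fixed builds for
CVE-2022-27511 / CVE-2022-27512 (values taken from the Citrix advisory table).
Added example; not part of any Citrix product or tool."""
import re
from typing import Optional, Tuple

# First fixed build per supported release train (from the advisory):
#   13.1 -> 13.1-21.53, 13.0 -> 13.0-85.19
FIXED_BUILDS = {
    (13, 1): (21, 53),
    (13, 0): (85, 19),
}

# ADM builds look like "13.1-21.53": release.minor-build.subbuild
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)-(\d+)\.(\d+)\s*$")


def parse_version(version: str) -> Optional[Tuple[int, ...]]:
    """Parse an ADM build string into a tuple of four ints.

    Returns None when the string does not match the expected format, so that
    malformed inventory entries are reported rather than silently passed.
    """
    match = _VERSION_RE.match(version)
    if not match:
        return None
    return tuple(int(part) for part in match.groups())


def check_adm_version(version: str) -> str:
    """Return 'fixed', 'vulnerable', 'unsupported' or 'unknown' for a build.

    Builds are compared numerically per component (21.5 is older than 21.53),
    not as decimal fractions. Release trains other than 13.0 and 13.1 are out
    of support and get no fixed build, so they are flagged 'unsupported'.
    """
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"
    release, build = parsed[:2], parsed[2:]
    fixed = FIXED_BUILDS.get(release)
    if fixed is None:
        return "unsupported"
    return "fixed" if build >= fixed else "vulnerable"


def needs_action(inventory: dict) -> dict:
    """Return only the hosts whose build is not confirmed fixed.

    inventory maps hostname -> build string; anything other than 'fixed'
    (vulnerable, unsupported, or unparseable) requires follow-up.
    """
    return {
        host: check_adm_version(build)
        for host, build in inventory.items()
        if check_adm_version(build) != "fixed"
    }


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames and builds).
    sample_inventory = {
        "adm-prod-01": "13.1-21.53",   # first fixed 13.1 build
        "adm-prod-02": "13.1-12.51",   # older 13.1 build, still vulnerable
        "adm-dr-01": "13.0-85.19",     # first fixed 13.0 build
        "adm-dr-02": "13.0-84.11",     # older 13.0 build, still vulnerable
        "adm-lab-01": "12.1-64.16",    # unsupported release train
        "adm-lab-02": "n/a",           # malformed entry
    }
    for host, status in needs_action(sample_inventory).items():
        print(f"{host}: {sample_inventory[host]} -> {status}")
```

Run against a real export, only hosts that are not confirmed fixed are listed, which makes the output a direct upgrade worklist; "unsupported" entries are deliberately included, since an out-of-support release receives no fix at all.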
How To Fix CVE-2022-27511 & CVE-2022-27512, Security Bypass Vulnerability in Citrix ADM?
Citrix strongly recommends that network traffic to the Citrix ADM IP address be segmented, either logically or physically, from standard network traffic; this reduces the risk of exploitation of these issues. To fix CVE-2022-27511 and CVE-2022-27512, users should upgrade Citrix ADM to a fixed build.
How To Upgrade The Citrix ADM?
Here are the steps to follow.
- Log on to Citrix ADM with administrator credentials.
- Navigate to System > System Administration and click Upgrade Citrix ADM under System Administration.
- On the Upgrade Citrix ADM page, select the Clean software image on successful upgrade checkbox if you want the Citrix ADM image files deleted after the upgrade.
- Upload the new image file by selecting Local or Appliance; the build file should be present on the Citrix ADM virtual appliance.
- Click OK.
- The Upgrade Citrix ADM page shows a few details, such as the selected version, file name, and estimated completion time. Click Upgrade.