Citrix is urging customers to install security updates to address a critical authentication bypass issue, tracked as CVE-2022-27510, in Citrix ADC and Citrix Gateway.
The company addressed the following three vulnerabilities:
“Note that only appliances that are operating as a Gateway (appliances using the SSL VPN functionality or deployed as an ICA proxy with authentication enabled) are affected by the first issue, which is rated as a Critical severity vulnerability,” reads the security bulletin published by Citrix.
The vendor recommends installing the relevant updated versions as soon as possible:
The three vulnerabilities affecting both Citrix Gateway and Citrix ADC are the following:
The company highlights that ADC and Gateway versions prior to 12.1 are end of life (EOL) and recommends that customers on those versions upgrade to one of the supported versions.
“Customers using Citrix-managed cloud services do not need to take any action,” concludes the bulletin.
(SecurityAffairs – hacking, Citrix)