This week, Citrix issued patches for three vulnerabilities impacting their Gateway and ADC products. According to Citrix, the vulnerabilities (CVE-2022- 27510, CVE-2022-27513, and CVE-2022-27516) could allow an attacker to bypass authentication and launch a phishing attack, leading to remote desktop takeover. They could also bypass brute force protection.
Appliances configured as a VPN are the most vulnerable to attacks. CVE-2022-27510 has a CVSS score of 9.8 and is critical, impacting appliances operating as a gateway (appliances using the SSL VPN functionality or deployed as an ICA proxy with authentication enabled). The following supported versions of Citrix ADC and Citrix Gateway are affected by the flaws:
Please note that all versions prior to 12 are end-of-life and users should upgrade to a supported version. Citrix’s advisory stated that they are currently notifying customers and channel partners about the security issue through the publication of their security bulletin on the Citrix Knowledge Center.
VMware also warned customers about three critical vulnerabilities this week. CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687 impact VMware’s Workspace ONE Assist solution and have a CVSS score of 9.8.
The vulnerabilities are authentication bypass flaws and could allow an attacker with network access to VMware’s Workspace ONE to gain administrative access without being required to authenticate to the application.
Workspace ONE Assist is primarily used by tech support to troubleshoot IT issues for employees. The software operates with the highest levels of privilege. If threat actors are able to use Workspace ONE Assist as an initial access point, it could be devastating for organizations. VMware recommends that all users update to Workspace ONE Assist 22.10 as soon as possible.
At this time, there are no known IoCs associated with the above vulnerabilities. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516
Patch ASAP: Critical Citrix, VMware Bugs Threaten Remote Workspaces With Takeover (darkreading.com)
Citrix Patches Critical Vulnerability in Gateway, ADC | SecurityWeek.Com
VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software (thehackernews.com)