Security Advisory: Citrix ADC and Gateway Authentication Bypass (Nov 2022)

10th November 2022 | Advisory, Blog

ADC and Gateway Vulnerabilities
November 10th, 2022: CyberHoot has learned of multiple authentication bypass vulnerabilities being reported in Citrix ADC and Gateway products. Patches are available and should be applied to impacted systems quickly. While there are no known reports of exploitation in the wild, the announcement of patches by Citrix allows hackers to reverse engineer patches leading quickly to working exploits. Patch quickly.

Overview:

Multiple vulnerabilities have been discovered in Citrix ADC and Gateway, the most severe of which could allow for Authentication Bypass. Citrix ADC and Gateway is an Application Delivery Controller and a gateway service to products respectively. Successful exploitation of the most severe of these vulnerabilities could result in Authentication Bypass. A malicious actor may be able to obtain administrative access. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

Impacted Systems:

ADC and Gateway 13.1
ADC and Gateway 13.0
ADC and Gateway 12.1
ADC 12.1 FIPS
ADC 12.1-NDcPP

What Should You Do?

Companies should have an accurate inventory of all their hardware and software assets. Review those databases to determine your potential impact. You could also review vulnerability scan data for potential exposure. In all cases, if you find yourself exposed you should follow your vulnerability alert management process and patch according to the timelines it suggests. For CyberHoot vCISO clients, this is a Severity 1 issue that should be patched within 1-3 days.

Emergency Workaround if Patching is not Possible:

There are currently no known work-arounds to alleviate these risks outside of patching.

You have a Vulnerability Alert Management Process, right?

If you’re a subscriber to CyberHoot’s awareness training platform, you have access to our Policy and Process library which contains the Vulnerability Alert Management Process (VAMP) document. This document prescribes how to respond to situations like this and in what time frame. If your company has not yet adopted a VAMP-like process, now is a great time to get started.

If you’re a vCISO client, we’ve built this process for you and now you must execute according to the prescribed measures and timeframes. If you’re not a vCISO client or CyberHoot Product subscriber, perhaps you want to sign up here.