Hackers Exploit Citrix ADC and Citrix Gateway Zero-day Vulnerability to Gain Access to Corporate Networks

Cybersecurity News. Original news source: cybersecuritynews.com, by Blog Writer.


Citrix has disclosed a critical zero-day vulnerability, tracked as CVE-2022-27518, in both Citrix ADC and Citrix Gateway. Administrators should apply the fix immediately.

State-sponsored hackers are actively exploiting this vulnerability to gain access to corporate networks, from which they can conduct malware attacks.

There is a new vulnerability in Windows that provides attackers with the ability to remotely take control of vulnerable devices using unauthenticated commands.

Affected Versions

The following versions of Citrix ADC and Citrix Gateway are affected:

  • Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25
  • Citrix ADC 12.1-FIPS before 12.1-55.291
  • Citrix ADC 12.1-NDcPP before 12.1-55.291

Fixed Versions

Citrix has warned administrators to update immediately, as these vulnerabilities are being actively exploited.

The fixed versions are:

  • Citrix ADC and Citrix Gateway 13.0-58.32 and later releases
  • Citrix ADC and Citrix Gateway 12.1-65.25 and later releases of 12.1
  • Citrix ADC 12.1-FIPS 12.1-55.291 and later releases of 12.1-FIPS
  • Citrix ADC 12.1-NDcPP 12.1-55.291 and later releases of 12.1-NDcPP

Only appliances configured in one of the following roles are affected:

  • SAML SP

or

  • SAML IdP

Version 13.1 of Citrix ADC and Citrix Gateway is not affected by CVE-2022-27518, so upgrading to it resolves the issue. Customers still on the following branches should upgrade to the latest available build:

  • 12.0 branch (12.1.65.25)
  • 13.0 branch (13.0.88.16)

Customers using Citrix-managed cloud services do not need to take any action. Citrix has not, however, published any technical details of how this vulnerability is being exploited.

Citrix recommends applying the fixed builds it released on December 13, 2022. There is no workaround other than disabling SAML authentication or upgrading to a fixed build.
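As an added illustration (not from the article or from Citrix), the script below encodes the advisory's affected and fixed builds together with the SAML SP/IdP precondition, so an inventory of appliances can be triaged for patching. The appliance names, build strings and the FIPS/NDcPP `variant` flag are constructed assumptions; branches outside the advisory's list raise rather than guess.

```python
import re
from typing import Dict, List, Tuple

# Minimum fixed (build, sub-build) per branch, taken from the fixed-version list above.
FIXED_BUILDS: Dict[str, Tuple[int, int]] = {
    "13.0": (58, 32),
    "12.1": (65, 25),
    "12.1-FIPS": (55, 291),
    "12.1-NDcPP": (55, 291),
}

# Accepts both the dash form "13.0-58.32" and the dotted form "13.0.58.32".
_BUILD_RE = re.compile(r"^(\d+\.\d+)[-.](\d+)\.(\d+)$")

def parse_build(version: str) -> Tuple[str, int, int]:
    """Split a Citrix ADC/Gateway build string into (branch, build, sub-build)."""
    m = _BUILD_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised build string: {version!r}")
    return m.group(1), int(m.group(2)), int(m.group(3))

def assess(version: str, saml_sp_or_idp: bool, variant: str = "") -> str:
    """Classify one appliance as 'vulnerable', 'fixed' or 'not-affected'."""
    # variant: "" for standard builds, "FIPS" or "NDcPP" for the hardened 12.1 variants.
    branch, build, sub = parse_build(version)
    if not saml_sp_or_idp:
        return "not-affected"  # only SAML SP / SAML IdP configurations are exposed
    if branch == "13.1":
        return "not-affected"  # 13.1 does not carry CVE-2022-27518
    key = f"{branch}-{variant}" if variant else branch
    if key not in FIXED_BUILDS:
        raise ValueError(f"branch {key!r} is not in the advisory's affected-version list")
    return "vulnerable" if (build, sub) < FIXED_BUILDS[key] else "fixed"

def triage(inventory: List[Dict[str, object]]) -> List[str]:
    """Return the names of inventory entries that still need the fixed build."""
    return [str(a["name"]) for a in inventory
            if assess(str(a["version"]), bool(a["saml"]), str(a.get("variant", ""))) == "vulnerable"]

# Constructed sample inventory (hypothetical appliance names and builds).
SAMPLE_INVENTORY: List[Dict[str, object]] = [
    {"name": "gw-edge-1", "version": "13.0-58.30", "saml": True},
    {"name": "gw-edge-2", "version": "13.0-58.32", "saml": True},
    {"name": "adc-fips-1", "version": "12.1-55.290", "saml": True, "variant": "FIPS"},
    {"name": "adc-lb-3", "version": "12.1-65.20", "saml": False},
    {"name": "gw-new", "version": "13.1-12.34", "saml": True},
]
```

Replace `SAMPLE_INVENTORY` with the builds reported by your own appliances; `triage(SAMPLE_INVENTORY)` returns `['gw-edge-1', 'adc-fips-1']` for the constructed data.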

Web Application Firewall signatures are available for this vulnerability, but they do not fix it.
