{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2022-043.pdf"
    },
    "title": "Critical Vulnerability in Citrix ADM",
    "serial_number": "2022-043",
    "publish_date": "17-06-2022 12:44:00",
    "description": "On the 14th of June 2022, Citrix released security updates to address vulnerabilities in Application Delivery Management that could allow an unauthenticated attacker to log in as administrator.<br>All supported versions of Citrix ADM server and Citrix ADM agent are affected by this vulnerability.",
    "url_title": "2022-043",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in Citrix ADM'\nversion: '1.0'\nnumber: '2022-043'\noriginal_date: 'June 14, 2022'\ndate: 'June 17, 2022'\n---\n\n_History:_\n\n* _17/06/2022 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn the 14th of June 2022, Citrix released security updates to address vulnerabilities in Application Delivery Management that could allow an unauthenticated attacker to log in as administrator [1].\n\nAll supported versions of Citrix ADM server and Citrix ADM agent are affected by this vulnerability [2].\n\n# Technical Details\n\nThe vulnerabilities affects Citrix Application Delivery Management (Citrix ADM), when exploited it could result in the following security issues: \n\n- `CVE-2022-27511` - Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted. \n- `CVE-2022-27512` - Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.\n\n# Affected Products\n\n- Citrix ADM 13.0 before 13.0-85.19\n- Citrix ADM 13.1\u202fbefore\u202f13.1-21.53\n\nCitrix has already updated the ADM cloud service, customers using it do not need to take additional action [1].\n\n# Recommendations\n\nCERT-EU recommends to apply the patches provided by Citrix as soon as possible [2]. As a mitigation factor, Citrix recommends that network traffic to the Citrix ADM\u2019s IP address is segmented, either physically or logically, from standard network traffic [2].\n\n# References\n\n[1] <https://www.securityweek.com/attackers-can-exploit-critical-citrix-adm-vulnerability-reset-admin-passwords>\n\n[2] <https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>17/06/2022 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On the 14th of June 2022, Citrix released security updates to address vulnerabilities in Application Delivery Management that could allow an unauthenticated attacker to log in as administrator [1].</p><p>All supported versions of Citrix ADM server and Citrix ADM agent are affected by this vulnerability [2].</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerabilities affects Citrix Application Delivery Management (Citrix ADM), when exploited it could result in the following security issues: </p><ul><li><code>CVE-2022-27511</code> - Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted. </li><li><code>CVE-2022-27512</code> - Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.</li></ul><h2 id=\"affected-products\">Affected Products</h2><ul><li>Citrix ADM 13.0 before 13.0-85.19</li><li>Citrix ADM 13.1\u202fbefore\u202f13.1-21.53</li></ul><p>Citrix has already updated the ADM cloud service, customers using it do not need to take additional action [1].</p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends to apply the patches provided by Citrix as soon as possible [2]. As a mitigation factor, Citrix recommends that network traffic to the Citrix ADM\u2019s IP address is segmented, either physically or logically, from standard network traffic [2].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.securityweek.com/attackers-can-exploit-critical-citrix-adm-vulnerability-reset-admin-passwords\">https://www.securityweek.com/attackers-can-exploit-critical-citrix-adm-vulnerability-reset-admin-passwords</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512\">https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}