Rewterz Threat Advisory – CVE-2022-27509 – Citrix ADC and Citrix Gateway Vulnerability

Severity

High

Analysis Summary

CVE-2022-27509

Citrix ADC and Citrix Gateway could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.

Impact

• Unauthorized Access

Indicators Of Compromise

CVE

• CVE-2022-27509

Affected Vendors

• Citrix ADC
• Citrix Gateway

Affected Products

• Citrix Gateway 12.1
• Citrix Gateway 13.0
• Citrix ADC 13.0
• Citrix ADC 12.1
• Citrix ADC 13.1
• Citrix ADC 12.1-FIPS
• Citrix ADC 12.1-NDcPP
• Citrix Gateway 13.1
• Citrix Gateway 12.1-64.16
• Citrix ADC 12.1-64.16

Remediation

Refer to Citrix Security Advisory for patch, upgrade or suggested workaround information.

Citrix Security Advisory