CVE-2022-27511
Published 2022-06-16
Priority P2 63 · high · 8.1 (CVSS 3.1)
CVSS vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 12.05% (95.6th percentile)
Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | application_delivery_management | < 13.0-85.19 | 13.0-85.19 |
| citrix | application_delivery_management | >= 13.1 < 13.1-21.53 | 13.1-21.53 |
| citrix | citrix_adm | — | — |
| citrix | citrix_application_delivery_management | — | — |
| citrix | citrix_application_delivery_management | >= unspecified < 13.1-21.53 | 13.1-21.53 |
| citrix | citrix_application_delivery_management | >= unspecified < 13.0-85.19 | 13.0-85.19 |
| citrix | xenserver | — | — |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts targeting Citrix ADM IP access that could lead to admin password reset — monitor for unauthenticated remote access to ADM management IP, particularly followed by device reboot events
- After exploitation and reboot, attacker connects via SSH using default administrator credentials — alert on SSH logins to Citrix ADM using default credentials, especially post-reboot
- Prioritize detection on internet-exposed Citrix ADM instances — organizations with ADM exposed to the internet are at highest risk
- Flag Citrix ADM builds 13.1-24.38 and below, and 13.0-84.10 and below as vulnerable during asset inventory and scanning
- Citrix ADM 12.1 is end-of-life and receives no patches — these versions may be vulnerable but are unsupported; upgrade is required
- Citrix ADM service (cloud-managed) customers are not affected and require no action
- No proof-of-concept exploit was publicly available at time of disclosure, and the vulnerability is described as hard to exploit despite being high severity
CVSS provenance
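| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:C/A:N |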
GHSA
GHSA-m9r7-42xp-mhjp: Corruption of the system by a remote, unauthenticated user
ghsa_unreviewed·2022-06-17
CVE-2022-27511 [HIGH] CWE-284 GHSA-m9r7-42xp-mhjp: Corruption of the system by a remote, unauthenticated user
Citrix
Citrix Application Delivery Management Security Bulletin for CVE-2022-27511 and CVE-2022-27512
vendor_citrix·2022-06-27·CVSS 8.1
CVE-2022-27511 [HIGH] CWE-284 Citrix Application Delivery Management Security Bulletin for CVE-2022-27511 and CVE-2022-27512
| CVE | Description | CWE | Pre-conditions |
|---|---|---|---|
| CVE-2022-27511 | Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password | CWE-284: Improper Access Control | Access to ADM IP |
| CVE-2022-27512 | Temporary disruption of the ADM license service | CWE-664: Improper Control of a Resource Through its Lifetime | Access to ADM IP |

All supported versions of Citrix ADM server and Citrix ADM agent are affected by this vulnerability. The following versions of Citrix ADM are in support: Citrix ADM 13.1 and Citrix ADM 13.0. The affected builds are:
- Citrix ADM 13.1 before 13.1-21.53
- Citrix ADM 13.0 before 13.0-85.19

Please note that Citrix ADM 12.1 has now reached End of Life and is no lo
No detection rules found.
No public exploits indexed.
Tenable
Cybersecurity Snapshot: 6 Things That Matter Right Now
blogs_tenable·2022-07-01
Checkpoint
20th June – Threat Intelligence Report
blogs_checkpoint·2022-06-20·CVSS 7.8
CVE-2022-30190 [HIGH] 20th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 20th June, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Check Point Research has exposed an Iranian spear-phishing operation targeting high profile Israeli and US executives. As part of their operations, the attackers take over existing accounts of the executives and create impersonating accounts to lure their targets into long email conversations. The operation aims at stealing per
Tenable
CVE-2022-27511, CVE-2022-27512: Patches for Two Citrix Application Delivery Management Vulnerabilities
blogs_tenable·2022-06-17·CVSS 8.1
[HIGH] CVE-2022-27511, CVE-2022-27512: Patches for Two Citrix Application Delivery Management Vulnerabilities