CVE-2022-27511 — Improper Access Control in Citrix Application Delivery Management

CWE-284 — Improper Access Control CWE-863 — Incorrect Authorization CWE-664 — Improper Control of a Resource Through its Lifetime5 documents4 sources

Severity

8.1HIGHNVD

EPSS

22.4%

top 4.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Application Delivery Management Citrix Application Delivery Management Citrix ADM +1 more

Timeline

PublishedJun 16

Latest updateJul 1

Description

Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages5 packages

▶NVDcitrix/application_delivery_management13.1 — 13.1-21.53+1

▶CVEListV5citrix/citrix_application_delivery_managementunspecified — 13.1-21.53+1

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adm

▶citrixcitrix/citrix_application_delivery_management

🔴Vulnerability Details

GHSA

GHSA-m9r7-42xp-mhjp: Corruption of the system by a remote, unauthenticated user↗2022-06-17

▶

📋Vendor Advisories

Citrix

Citrix Application Delivery Management Security Bulletin for CVE-2022-27511 and CVE-2022-27512↗2022-06-27

▶

🕵️Threat Intelligence

Tenable

Cybersecurity Snapshot: 6 Things That Matter Right Now↗2022-07-01

▶

Tenable

CVE-2022-27511, CVE-2022-27512: Patches for Two Citrix Application Delivery Management Vulnerabilities↗2022-06-17

▶