CVE-2022-27516Protection Mechanism Failure in Citrix Application Delivery Controller Firmware

CWE-693Protection Mechanism FailureCWE-307Improper Restriction of Excessive Authentication AttemptsCWE-288Authentication Bypass Using an Alternate Path or ChannelCWE-345Insufficient Verification of Data Authenticity4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 64.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Citrix Application Delivery Controller FirmwareCitrix GatewayCitrix ADC+2 more
Timeline
PublishedNov 8
Latest updateNov 10

Description

User login brute force protection functionality bypass

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

NVDcitrix/gateway12.112.1-65.21+2

🔴Vulnerability Details

1
GHSA
GHSA-cjxq-x92m-g6gc: User login brute force protection functionality bypass2022-11-09

📋Vendor Advisories

1
Citrix
Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-275162022-11-10

🕵️Threat Intelligence

1
Tenable
CVE-2022-27510: Critical Citrix ADC and Gateway Authentication Bypass Vulnerability2022-11-09