
Citrix fixes two vulnerabilities in its ADM server

Photo caption: A sign is posted on the exterior of a Citrix office complex Jan. 31, 2022, in Santa Clara, Calif.

Citrix has recommended that customers update Citrix Application Delivery Management (ADM) to the fixed versions specified in a security bulletin it published this week.

The bulletin covers two vulnerabilities affecting Citrix ADM 13.1 before 13.1-21.53 and Citrix ADM 13.0 before 13.0-85.19; the fixes are included in 13.1-21.53 and 13.0-85.19, respectively.

In the bulletin (CTX460016), posted earlier this week, Citrix described the two vulnerabilities: CVE-2022-27511, corruption of the system by a remote, unauthenticated user, which can reset the administrator password at the next device reboot and allow an attacker with SSH access to log in with the default administrator credentials after the reboot; and CVE-2022-27512, a temporary disruption of the ADM license service that can prevent new licenses from being issued or renewed.

The vulnerability discovered in the Citrix ADM software serves as a reminder that security teams should put extra protections in place for sensitive application functions, said Nicolas Rubio, senior cybersecurity consultant at nVisium. Rubio said security teams must implement logic to ensure valid sessions and proper permissions are in place when utilizing any application functions.

“Take particular care regarding sensitive admin functions like resetting passwords,” Rubio said. “When facing persistent attackers, negligence and thin protections will become their penetration point to break through.”
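The check Rubio describes, as an added example that is not Citrix's code and not taken from the ADM product: a password-reset handler written twice, once trusting the request body outright and once requiring a valid, unexpired session whose user holds the admin role before any account is touched. The request shape, the in-memory user and session stores, the role names and the sample account names (including "nsroot" as the admin) are all constructed for this illustration.

```python
"""Added example (not Citrix's code): an admin password-reset handler with and
without session validation and a permission check.  Request format, session
store, role names and sample users are assumptions for illustration only."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field

# Constructed in-memory stores standing in for a real user and session database.
USERS = {
    "nsroot": {"role": "admin", "password_hash": None},
    "auditor": {"role": "readonly", "password_hash": None},
}
SESSIONS = {}          # token -> Session
SESSION_TTL = 900      # seconds an issued session stays valid


@dataclass
class Session:
    user: str
    expires: float


@dataclass
class Request:
    path: str
    body: dict
    cookies: dict = field(default_factory=dict)


def hash_password(password: str) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; salt is stored in front of the derived key."""
    salt = secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def login(user: str) -> str:
    """Issue a random session token for an already-authenticated user."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = Session(user=user, expires=time.time() + SESSION_TTL)
    return token


def reset_password_unprotected(req: Request) -> tuple:
    """Weak form: never asks who is calling.  Any remote, unauthenticated
    caller can overwrite the administrator's password."""
    USERS[req.body["user"]]["password_hash"] = hash_password(req.body["new_password"])
    return 200, "password reset"


def current_session(req: Request):
    """Return the caller's Session, or None if the cookie is missing, unknown
    or expired.  Expired sessions are evicted on sight."""
    token = req.cookies.get("session")
    if not token:
        return None
    for stored, sess in list(SESSIONS.items()):
        # Constant-time comparison avoids leaking token bytes through timing.
        if hmac.compare_digest(stored, token):
            if sess.expires < time.time():
                SESSIONS.pop(stored, None)
                return None
            return sess
    return None


def reset_password_protected(req: Request) -> tuple:
    """Hardened form: a valid session AND the admin role are required before
    the account store is touched; failures are distinguishable to the operator."""
    sess = current_session(req)
    if sess is None:
        return 401, "authentication required"
    if USERS.get(sess.user, {}).get("role") != "admin":
        return 403, "insufficient privileges"
    target = req.body.get("user")
    if target not in USERS:
        return 404, "no such user"
    USERS[target]["password_hash"] = hash_password(req.body["new_password"])
    return 200, "password reset"


if __name__ == "__main__":
    req = Request("/admin/reset", {"user": "nsroot", "new_password": "N3w-Passw0rd"})
    print("unprotected, no session:", reset_password_unprotected(req))
    print("protected, no session:  ", reset_password_protected(req))
    req.cookies["session"] = login("auditor")
    print("protected, readonly:    ", reset_password_protected(req))
    req.cookies["session"] = login("nsroot")
    print("protected, admin:       ", reset_password_protected(req))
```

The order of the checks matters: authentication is tested before authorization, and the target account is only looked up after both pass, so an unauthenticated probe learns nothing about which usernames exist.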

Mike Parkin, senior technical engineer at Vulcan Cyber, added that while it may be challenging for an attacker to trigger the vulnerability and then cause a reboot to actually exploit the system, security teams should take any remote authentication issue seriously.

“Fortunately, Citrix has released updated versions that correct the issue as well as detailing ways to mitigate the risk,” Parkin said. “Ideally, those mitigations — isolating the ADM server from unauthorized traffic — were in place as part of the original deployment as industry best practices.”
