July 27, 2022
A vulnerability has been discovered in Citrix ADC and Citrix Gateway which enables an attacker to create a specially crafted URL that redirects to a malicious website.
This vulnerability has the following identifier:
| CVE-2022-27509 | Unauthenticated redirection to a malicious website | CWE-345: Insufficient Verification of Data Authenticity | Appliance must be configured as a VPN (Gateway) or AAA virtual server; a victim user must use an attacker-crafted link |
Citrix recommends that affected customers install the relevant updated versions of Citrix ADC or Citrix Gateway as soon as possible:
Note: Customers who have previously copied the httpd.conf file to the /nsconfig directory must follow the steps at URL to ensure this security update is correctly installed.
Contact Cornerstone.IT with any questions or for assistance regarding this update.