December 15, 2022
A vulnerability has been discovered in Citrix Gateway and Citrix ADC, listed below, that, if exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance.
| Description | CWE | Affected Products | Pre-conditions |
|---|---|---|---|
| Unauthenticated remote arbitrary code execution | CWE-664: Improper Control of a Resource Through its Lifetime | Citrix Gateway, Citrix ADC | Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP |
Exploits of this issue on unmitigated appliances in the wild have been reported. Citrix strongly urges affected customers of Citrix ADC and Citrix Gateway to install the relevant updated versions of Citrix ADC or Citrix Gateway as soon as possible:
13.0-58.32 and later releases
12.1-65.25 and later releases of
12.1-55.291 and later releases of 12.1-FIPS
12.1-NDcPP 12.1-55.291 and later releases of 12.1-NDcPP
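To triage an inventory against the fixed builds and the SAML pre-condition above, the following added example (not part of the original advisory or any Citrix tooling) compares a build string with the listed fixed builds and checks saved `ns.conf` text for SAML configuration. It assumes, from NetScaler configuration syntax rather than from this page, that a SAML SP appears as `add authentication samlAction` and a SAML IdP as `add authentication samlIdPProfile`; the edition labels and sample configurations are constructed.

```python
import re

# Fixed builds exactly as listed in the advisory above, keyed by (release, edition).
# The edition labels "standard", "FIPS" and "NDcPP" are this example's own.
FIXED = {
    ("13.0", "standard"): (58, 32),
    ("12.1", "standard"): (65, 25),
    ("12.1", "FIPS"): (55, 291),
    ("12.1", "NDcPP"): (55, 291),
}

# Assumption (not from this page): a SAML SP is defined in ns.conf by
# "add authentication samlAction" and a SAML IdP by "add authentication samlIdPProfile".
SAML_CMD = re.compile(r"^\s*add\s+authentication\s+(samlAction|samlIdPProfile)\b",
                      re.IGNORECASE | re.MULTILINE)

def parse_build(version):
    """Split '12.1-65.21' into ('12.1', (65, 21)) so builds compare numerically."""
    m = re.fullmatch(r"(\d+\.\d+)-(\d+)\.(\d+)", version.strip())
    if m is None:
        raise ValueError("unrecognised build string: %r" % version)
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def saml_roles(ns_conf):
    """Return the SAML roles ('SP', 'IdP', both or none) configured in ns.conf text."""
    return {"SP" if m.group(1).lower() == "samlaction" else "IdP"
            for m in SAML_CMD.finditer(ns_conf)}

def assess(version, edition, ns_conf):
    """Classify one appliance against the fixed builds and the SAML pre-condition."""
    release, build = parse_build(version)
    fixed = FIXED.get((release, edition))
    if fixed is None:
        return "not-listed"  # release/edition not covered by the list above
    if build >= fixed:
        return "fixed"
    return "exposed" if saml_roles(ns_conf) else "unpatched-no-saml"

# Constructed sample configurations (not taken from a real appliance).
CONF_SAML_SP = "add authentication samlAction example_sp_action\n"
CONF_NO_SAML = ("# add authentication samlAction disabled_example\n"
                "add authentication ldapAction example_ldap\n")

if __name__ == "__main__":
    for ver, ed, conf in [("13.0-58.30", "standard", CONF_SAML_SP),
                          ("12.1-55.291", "FIPS", CONF_SAML_SP),
                          ("12.1-64.17", "standard", CONF_NO_SAML)]:
        print(ver, ed, assess(ver, ed, conf))
```

An `unpatched-no-saml` result means the pre-condition is not met today; the appliance is still below the fixed build and becomes `exposed` as soon as SAML is configured.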
Contact Cornerstone.IT today – we can help.