Citrix Gateway and Citrix ADC remote code execution exploit

December 15, 2022

Apply latest patch to mitigate zero-day vulnerability CVE-2022-27518 

Cornerstone.IT Citrix Gold Solution Advisor badge

A vulnerability has been discovered in Citrix Gateway and Citrix ADC, listed below, that, if exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance.

CVE-ID  Description  CWE  Affected Products Pre-conditions 
CVE-2022-27518 Unauthenticated remote arbitrary code executionCWE-664: Improper Control of a Resource Through its LifetimeCitrix Gateway, Citrix ADC Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP 

Impacted Versions

  • Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25
  • Citrix ADC 12.1-FIPS before 12.1-55.291
  • Citrix ADC 12.1-NDcPP before 12.1-55.291

Remediation / Mitigation

Exploits of this issue on unmitigated appliances in the wild have been reported. Citrix strongly urges affected customers of Citrix ADC and Citrix Gateway to install the relevant updated versions of Citrix ADC or Citrix Gateway as soon as possible:

  • Citrix ADC and Citrix Gateway 13.0-58.32 and later releases
  • Citrix ADC and Citrix Gateway 12.1-65.25 and later releases of 12.1
  • Citrix ADC 12.1-FIPS 12.1-55.291 and later releases of 12.1-FIPS 
  • Citrix ADC 12.1-NDcPP 12.1-55.291 and later releases of 12.1-NDcPP


Contact Cornerstone.IT today – we can help.