Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities

Dec 29, 2022 | Ravie Lakshmanan | Server Security / Citrix

Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months.

The issues in question are CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), which were addressed by the virtualization services provider on November 8 and December 13, 2022, respectively.

While CVE-2022-27510 relates to an authentication bypass that could be exploited to gain unauthorized access to Gateway user capabilities, CVE-2022-27518 concerns a remote code execution bug that could enable the takeover of affected systems.


Earlier this month, Citrix and the U.S. National Security Agency (NSA) warned that CVE-2022-27518 is being actively exploited in the wild by threat actors, including the China-linked APT5 state-sponsored group.


Now, according to a new analysis from NCC Group’s Fox-IT research team, thousands of internet-facing Citrix servers are still unpatched, making them an attractive target for hacking crews.

This includes over 3,500 Citrix ADC and Gateway servers running version 12.1-65.21 that are susceptible to CVE-2022-27518, as well as more than 500 servers running 12.1-63.22 that are vulnerable to both flaws.

A majority of the servers, amounting to no fewer than 5,000, are running 13.0-88.14, a version that's immune to CVE-2022-27510 and CVE-2022-27518.

A country-wise breakdown shows that more than 40% of servers located in Denmark, the Netherlands, Austria, Germany, France, Singapore, Australia, the U.K., and the U.S. have been updated, with China faring the worst, where only 20% of nearly 550 servers have been patched.

Fox-IT said it was able to deduce the version information by taking an MD5-like hash value present in the HTTP response of the login URL (i.e., "ns_gui/vpn/index.html") and mapping it to the corresponding version.
