AI description
CVE-2022-27510 is an authentication bypass vulnerability affecting Citrix ADC (Application Delivery Controller) and Citrix Gateway. Disclosed on November 8, 2022, it allows unauthorized access to Gateway user capabilities. To be vulnerable, the server must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy). The vulnerability is classified as an authentication bypass using an alternate path or channel and improper authentication. It affects multiple versions of Citrix ADC and Citrix Gateway, specifically versions 13.1 before 13.1-33.47, 13.0 before 13.0-88.12, and 12.1 before 12.1-65.21, as well as Citrix ADC 12.1-FIPS before 12.1-55.289 and Citrix ADC 12.1-NDcPP before 12.1-55.289. An unauthenticated remote attacker can exploit this vulnerability by sending malicious packets to the target device, bypassing authentication and gaining access to background services.
- Description: Unauthorized access to Gateway user capabilities
- Source: secure@citrix.com
- NVD status: Modified
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 12
```json
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "710A9915-E94D-4AB3-9077-904185CD835C",
            "versionEndExcluding": "12.1-65.21",
            "versionStartIncluding": "12.1"
          },
          {
            "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21A12502-B9D9-4ED0-9E90-F27317338831",
            "versionEndExcluding": "13.0-88.12",
            "versionStartIncluding": "13.0"
          },
          {
            "criteria": "cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C237286-B459-4FF4-810A-13740D2207E3",
            "versionEndExcluding": "13.1-33.41",
            "versionStartIncluding": "13.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DD814B7-CD70-4AAA-B8C5-AEF4DBD1055A",
            "versionEndExcluding": "12.1-65.21",
            "versionStartIncluding": "12.1"
          },
          {
            "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51A18C6F-58A9-4924-AEBA-2AC1846055BA",
            "versionEndExcluding": "13.0-88.12",
            "versionStartIncluding": "13.0"
          },
          {
            "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBEEB7CC-13B3-49D9-9C1C-B31A8274943E",
            "versionEndExcluding": "13.1-33.47",
            "versionStartIncluding": "13.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:fips:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A9A7C22-9E06-45AF-8A7C-8BEB12FDDFE2",
            "versionEndExcluding": "12.1-55.289",
            "versionStartIncluding": "12.1"
          },
          {
            "criteria": "cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:ndcpp:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78FC158E-7881-448B-A2BA-19CBC3BF646C",
            "versionEndExcluding": "12.1-55.289",
            "versionStartIncluding": "12.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "80E69E10-6F40-4FE4-9D84-F6C25EAB79D8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
```