Home > Security Bulletins > Citrix ADC and Gateway RCE Vulnerability (CVE-2022-27518)

Citrix ADC and Gateway RCE Vulnerability (CVE-2022-27518)

Security threat modeling
December 15th 2022

Seasons Greetings from your resident spotit author, James! Apologies for the lack of content over the last couple of months, I’ve unfortunately been pre-occupied with some other things but as of today, normal service has resumed! 🥳

Citrix ADC/Citrix Gateway Unauthenticated RCE

Citrix has released security updates to patch a Critical severity vulnerability in Citrix ADC and Citrix Gateway. This vulnerability can allow an unauthenticated attacker to execute commands remotely and is being actively exploited in-the-wild by APT5/UNC2630/MANGANESE as confirmed by the NSA.

CVE-2022-27518 is a 9.8 (Critical) severity vulnerability. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Citrix said:

We are aware of a small number of targeted attacks in the wild using this vulnerability…
Customers who are using an affected build with a SAML SP or IdP configuration are urged to install the recommended builds immediately as this vulnerability has been identified as critical. No workarounds are available for this vulnerability.

Vulnerable version of Citrix ADC and Citrix Gateway are as follows:

  • Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25
  • Citrix ADC 12.1-FIPS before 12.1-55.291
  • Citrix ADC 12.1-NDcPP before 12.1-55.291

These versions are affected if the appliances are configured with SAML SP or SAML IdP. To confirm how the device is configured, admins should inspect ns.conf for the following commands:

add authentication samlAction
add authentication samlIdPProfile

Citrix ADC 13.1 and Citrix Gateway 13.1 (and later versions of both) are unaffected. Citrix-managed cloud services are already upgraded by Citrix.


Spotit recommends that users of the affected versions upgrade as follows:

  • Citrix ADC FIPS and Citrix ADC NDcPP should be upgraded to version 12.1-55.291 or later
  • Citrix ADC and Citrix Gateway 12.x should be upgraded to version or

Spotit also recommends that users follow Citrix’s Best Practices for Secure Deployment of ADC appliances.


That’s all for now!