Citrix warned customers of a major vulnerability in Citrix’s Application Delivery Management (ADM). The vulnerability can allow unauthenticated attackers to log in as administrators.
Citrix ADM is a centralized console for handling cloud or on-premises Citrix deployments, including Citrix Gateway, Citrix Secure Web Gateway and Citrix Application Delivery Controller (ADC).
Citrix urged customers to install security upgrades that address a critical Citrix ADM vulnerability allowing attackers to reset administrator passwords. The vulnerability is tracked as CVE-2022-27511 and affects all Citrix ADM agent and Citrix ADM server versions. Successful exploitation can enable unauthenticated actors to compromise unpatched systems, leading to the resetting of admin passwords.
“The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted”, the organization noted.
Mitigate or upgrade
Although the vulnerability has already been fixed for customers utilizing cloud-based ADM services, Citrix urged administrators operating on-premises versions to patch as soon as possible. Citrix offered detailed instructions on patching ADM servers and ADM agents on its website.
If you cannot apply these security upgrades, you can implement mitigation steps shared by the company to minimize exploitation risk. “Citrix strongly recommends that network traffic to the Citrix ADM’s IP address is segmented, either physically or logically, from standard network traffic. Doing so diminishes the risk of exploitation of these issues.”
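One way to implement the logical segmentation Citrix recommends is a host or gateway firewall rule that only allows a designated management subnet to reach the ADM address. The script below is an added example, not Citrix's own guidance or tooling: it generates an nftables ruleset (a defender's choice of tool; the advisory does not prescribe one) that permits the management subnet to reach the ADM IP on SSH and HTTPS, lets replies to ADM-initiated connections through, and logs and drops everything else. The addresses `192.0.2.10` and `10.0.100.0/24`, the ports 22 and 443, and the function names are all placeholders and assumptions to be replaced with your own values; the ruleset is printed for review rather than applied.

```shell
#!/bin/sh
# Added example: generate an nftables ruleset that segments traffic to a Citrix ADM
# address. Placeholder values below are constructed; replace them with your own.
ADM_IP="${ADM_IP:-192.0.2.10}"          # placeholder ADM server address (documentation range)
MGMT_NET="${MGMT_NET:-10.0.100.0/24}"   # placeholder management subnet allowed to reach ADM

# Emit a ruleset for a gateway in the forwarding path:
#   - management subnet -> ADM on SSH (22) and HTTPS (443) is accepted
#   - replies to connections the ADM itself opened are accepted
#   - any other traffic to the ADM address is logged and dropped
# Output goes to stdout so it can be reviewed before loading with `nft -f`.
adm_segmentation_ruleset() {
    adm_ip="$1"
    mgmt_net="$2"
    cat <<EOF
table inet adm_segmentation {
    chain forward {
        type filter hook forward priority 0; policy accept;
        ip daddr $adm_ip ip saddr $mgmt_net tcp dport { 22, 443 } accept
        ip daddr $adm_ip ct state established,related accept
        ip daddr $adm_ip log prefix "adm-blocked: " drop
    }
}
EOF
}

# Self-check: confirm the generated ruleset carries both the allow rule for the
# management subnet and the final log-and-drop rule for the ADM address.
check_ruleset() {
    ruleset=$(adm_segmentation_ruleset "$1" "$2")
    printf '%s\n' "$ruleset" | grep -qF "ip daddr $1 ip saddr $2 tcp dport { 22, 443 } accept" || return 1
    printf '%s\n' "$ruleset" | grep -qF "ip daddr $1 log prefix \"adm-blocked: \" drop" || return 1
    return 0
}

adm_segmentation_ruleset "$ADM_IP" "$MGMT_NET"
```

The logged, dropped packets (prefix `adm-blocked:`) are worth forwarding to your SIEM: unexpected sources attempting to reach the ADM address are exactly the traffic this mitigation is meant to surface while patching is pending.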