Thousands of Citrix ADC and Gateway endpoints are still vulnerable to two known vulnerabilities for which fixes already exist. Security specialist Fox-IT discovered this in a recent investigation.

According to the security specialist, thousands of Citrix ADC and Gateway deployments worldwide are still vulnerable to three recently discovered and fixed vulnerabilities. Specifically, these include the authentication bypass CVE-2022-27510, fixed on Nov. 18, and the remote command execution vulnerability CVE-2022-27518, dated Dec. 13 of this year.

Investigating software versions

Fox-IT researchers state that while many Citrix ADC and Gateway endpoints connected to the public Internet have now been patched, thousands are still open to possible attacks. The research was based on the software versions the discovered endpoints were running.

Most of these were running the latest version, but endpoints were also discovered running the prior version, which is vulnerable to one of the two vulnerabilities (CVE-2022-27518). There were also endpoints that did not return a hash for the software version, so it is unknown which version they are running and whether they are vulnerable.

Netherlands lags behind in patching

The study also reveals further differences between countries in rolling out security updates. In the U.S., Germany, Australia and Switzerland, updates were rolled out fairly quickly. Other countries, including the Netherlands, are still slightly behind in patching. China still has a long way to go, though.
