What We Do
How We Do
Get Started
Security advisories

Citrix ADC and Gateway Zero-Day Vulnerability - CVE-2022-27518

December 13, 2022 | 2 MINS READ

Speak With A Security Expert Now



On December 13th, 2022, Citrix released a patch for vulnerable versions of Citrix ADC and Citrix Gateway products [1]. The vulnerability is tracked as CVE-2022-27518; Citrix describes it as an arbitrary code execution vulnerability. When CVE-2022-27518 is exploited, a threat actor could perform unauthenticated arbitrary code execution on the appliance. This vulnerability is being actively exploited in the wild in limited targeted attacks [4]; applying the available patches as soon as possible is highly recommended.

What we’re doing about it

What you should do about it

Additional information

A vulnerability has been discovered in Citrix Gateway and Citrix ADC, tracked as CVE-2022-27518, that, if exploited, could allow an unauthenticated, remote attacker to perform arbitrary code execution on the appliance.

A pre-condition for this exploit to successfully impact an organization is that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP. The SAML IdP (Identity Provider) is a SAML entity deployed on the customer network. The IdP receives requests from the SAML SP and redirects users to a login page, where they must enter their credentials. The IdP authenticates these credentials with the active directory (external authentication server, such as LDAP) and then generates a SAML assertion sent to the SP.

As mentioned above, you can verify the impacted servers by inspecting your configuration files for the above lines. If either of the commands are present in the ns.conf file, the appliance must be updated if the version is affected.

Relevant updated versions of Citrix ADC or Citrix Gateway include:

Please note that Citrix ADC and Citrix Gateway versions prior to 12.1 are EOL, and customers on those versions are recommended to upgrade to one of the supported versions.

Citrix has notified users via their bulletin [2] and is providing technical assistance with this issue via your Citrix Technical Support contact. 


[1] https://support.citrix.com/article/CTX474995/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227518
[2] https://support.citrix.com/search/#/All%20Products?ct=Security%20Bulletins&searchText=&sortBy=Created%20date&pageIndex=1
[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27518
[4] https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/

View Most Recent Advisories