Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Customer testimonials and case studies.
Stories on cyberattacks, customers, employees, and more.
Cyber incident, analyst, and thought leadership reports.
Demonstrations, seminars and presentations on cybersecurity topics.
Information and solution briefs for our services.
MITRE ATT&CK Framework, Cybersecurity Assessment, SOC Calculator & more
On December 13th, 2022, Citrix released a patch for vulnerable versions of Citrix ADC and Citrix Gateway products [1]. The vulnerability is tracked as CVE-2022-27518; Citrix describes it as an arbitrary code execution vulnerability. When CVE-2022-27518 is exploited, a threat actor could perform unauthenticated arbitrary code execution on the appliance. This vulnerability is being actively exploited in the wild in limited targeted attacks [4]; applying the available patches as soon as possible is highly recommended.
A vulnerability has been discovered in Citrix Gateway and Citrix ADC, tracked as CVE-2022-27518, that, if exploited, could allow an unauthenticated, remote attacker to perform arbitrary code execution on the appliance.
A pre-condition for this exploit to successfully impact an organization is that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP. The SAML IdP (Identity Provider) is a SAML entity deployed on the customer network. The IdP receives requests from the SAML SP and redirects users to a login page, where they must enter their credentials. The IdP authenticates these credentials with the active directory (external authentication server, such as LDAP) and then generates a SAML assertion sent to the SP.
As mentioned above, you can verify the impacted servers by inspecting your configuration files for the above lines. If either of the commands are present in the ns.conf file, the appliance must be updated if the version is affected.
Relevant updated versions of Citrix ADC or Citrix Gateway include:
Please note that Citrix ADC and Citrix Gateway versions prior to 12.1 are EOL, and customers on those versions are recommended to upgrade to one of the supported versions.
Citrix has notified users via their bulletin [2] and is providing technical assistance with this issue via your Citrix Technical Support contact.
[1] https://support.citrix.com/article/CTX474995/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227518
[2] https://support.citrix.com/search/#/All%20Products?ct=Security%20Bulletins&searchText=&sortBy=Created%20date&pageIndex=1
[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27518
[4] https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/