A Citrix ADM flaw that lets hackers reset admin data gets patched

A critical vulnerability tracked as CVE-2022-27511 that affected the Citrix Application Delivery Management (ADM) technology has now been patched. The flaw allows threat actors to reset administrators’ passwords remotely.

Citrix’s Application Delivery and Management (ADM) solution is a web-based technology that lets users manage all Citrix-related cloud or on-premise deployments, including ADC MPX, ADC VPX, ADC SDX, ADC CPX, ADC BLX, Citrix Gateway, and Secure Web Gateway.

Threat actors exploiting the improper access control flaw could crash their victims’ systems through distributed denial-of-service (DDoS) attacks and reset admin credentials, such as their passwords, on the next reboot of the impacted device.

Citrix described these details in its recent advisory, explaining that the flaw permits an unauthorised user, such as an attacker, with Secure Shell (SSH) access to connect using the default admin credentials on a network after the user reboots the targeted machine.

Security experts explained that the Citrix ADM flaw comes close in severity to the threat posed by remote code execution (RCE) vulnerabilities.

Another Citrix Application Delivery Management flaw of lesser severity (CVE-2022-27512) allows threat actors to temporarily disable an ADM’s license service. These critical flaws impact all Citrix ADM servers and agents; enterprise sysadmins are therefore urged to upgrade their systems to the most recent versions, which are Citrix ADM 13.1-21.53, Citrix ADM 13.0-85.19, or other releases that resolve the issues.
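For teams tracking the upgrade across many ADM servers and agents, the following added example (not code from Citrix or from the original article) classifies reported build strings against the two fixed builds named above. The build-string shapes, the hostnames, and the treatment of later builds on the same branch as patched are assumptions.

```python
import re

# Fixed builds named in the article, keyed by release branch (major, minor).
FIXED_BUILDS = {(13, 1): (21, 53), (13, 0): (85, 19)}

# Assumed build-string shapes: "13.1-21.53" or "Citrix ADM 13.1 Build 21.53".
_BUILD_RE = re.compile(r"(\d+)\.(\d+)[-\s]+(?:build[-\s]*)?(\d+)\.(\d+)", re.IGNORECASE)


def parse_build(text):
    """Return ((major, minor), (build, patch)) as integers, or None."""
    match = _BUILD_RE.search(text)
    if match is None:
        return None
    major, minor, build, patch = (int(g) for g in match.groups())
    return (major, minor), (build, patch)


def assess(text):
    """Classify one reported build string against the fixed builds."""
    parsed = parse_build(text)
    if parsed is None:
        return "unparsed"
    branch, build = parsed
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        # Branch not named in the article: needs a manual look at the advisory.
        return "check-advisory"
    # Integer tuples compare numerically, so 9.60 sorts below 85.19
    # (a plain string comparison would get this wrong).
    return "patched" if build >= fixed else "vulnerable"


def triage(inventory):
    """Return (host, build string, status) rows, most urgent first."""
    order = {"vulnerable": 0, "unparsed": 1, "check-advisory": 2, "patched": 3}
    rows = [(host, build, assess(build)) for host, build in inventory.items()]
    return sorted(rows, key=lambda row: (order[row[2]], row[0]))


# Constructed sample inventory (hostnames and builds are made up).
SAMPLE_INVENTORY = {
    "adm-prod-01.example.internal": "13.1-17.42",
    "adm-prod-02.example.internal": "Citrix ADM 13.1 Build 21.53",
    "adm-agent-dr.example.internal": "13.0-9.60",
    "adm-lab.example.internal": "12.1-63.22",
    "adm-agent-old.example.internal": "version unavailable",
}

if __name__ == "__main__":
    for host, build, status in triage(SAMPLE_INVENTORY):
        print(f"{status:15} {host:32} {build}")
```

Hosts reported as `unparsed` or `check-advisory` need manual review against the vendor advisory rather than being assumed safe.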

Security researchers also informed Citrix clients that threat actors who abuse these Application Delivery Management vulnerabilities could take control of a compromised system, stressing the grave risks of these threats.

The researchers who discovered the critical flaws have yet to give additional input. For now, aside from updating their systems with the new patches, users must be wary of threats that currently exist within Citrix Application Delivery Management and implement measures to protect themselves from being compromised.
