COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2022-27518

CVE-2022-27518

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2022-12-13
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-27518
⌖ exploited in the wild shame 50/100 exploited-in-wild

Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator.

Players implicated

Citrix · vendorApplication Delivery Controller (ADC) and Gateway · product

Description

Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator.

Affected FedRAMP products 1 in the catalog

ProductProviderStatusMatch
Citrix for Government Citrix Authorized vendor-exact · 0.90