VULNERABILITY ADVISORY

CITRIX

June 16, 2022

Page | 1
 Table of Contents

1. Purpose..........................................................................................................................................................3
2. Introduction....................................................................................................................................................4
3. Technical Details.............................................................................................................................................5
4. Mitigation Measures......................................................................................................................................6
5. References......................................................................................................................................................7

Page | 2
 1. Purpose

This document is to create awareness about ongoing cyber events.

Page | 3
 2. Introduction

On 14th June, Citrix released security updates to address multiple vulnerabilities in Application Delivery
Management (Citrix ADM). The most severe of which could allow for corruption of the system by a remote,
unauthenticated user. An attacker could exploit some of these vulnerabilities to take control of an affected
system.

Release Date: 15th June 2022

CVE Detail:
 CVE-2022-27511
 CVE-2022-27512

Affected Products:
 Citrix ADM 13.1 before 13.1-21.53
 Citrix ADM 13.0 before 13.0-85.19

Distribution Method: Vulnerability Exploitation

Page | 4
 3. Technical Details
Multiple Vulnerabilities have been discovered in the Citrix Application Delivery Management (Citrix ADM).
The most severe of which could allow for corruption of the system by a remote, unauthenticated user or
even temporary system disruptions.

 CVE-2022-27511: This vulnerability leads to Corruption of the system by a remote, unauthenticated user.
The impact of this can include the reset of the administrator password at the next device reboot,
allowing an attacker with SSH access to connect with the default administrator credentials after the
device has rebooted.

 CVE-2022-27512: This vulnerability leads to Temporary disruption of the ADM license service. The impact
of this includes preventing new licenses from being issued or renewed by Citrix ADM.

Page | 5
 4. Mitigation Measures

An organization should always be well prepared for the forthcoming incidents that may approach possessing
harmful instincts such as cyber-attacks. To tackle those attacks at the initial level, following are certain points
that needs to be followed by any organization so as to reduce the risk of loss from the occurrence of any
undesirable event.
 Citrix strongly recommends that network traffic to the Citrix ADM’s IP address is segmented, either
physically or logically, from standard network traffic. Doing so diminishes the risk of exploitation of these
issues.
 Citrix recommends that affected customers install the relevant updated versions of Citrix ADM server
and Citrix ADM agent as soon as possible:
 Citrix ADM 13.1-21.53 and later versions of 13.1
 Citrix ADM 13.0-85.19 and later versions of 13.0
 Apply appropriate patches or appropriate mitigations provided by Citrix to vulnerable systems
immediately after appropriate testing.
 Run all software as a non-privileged user (one without administrative privileges) to diminish the effects
of a successful attack
 Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
 Inform and educate users regarding the threats posed by hypertext links contained in emails or
attachments especially from un-trusted sources.
 Apply the Principle of Least Privilege to all systems and services.

Page | 6
 5. References

 https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-
bulletin-for-cve202227511-and-cve202227512
 https://www.cisa.gov/uscert/ncas/current-activity/2022/06/14/citrix-releases-security-updates-
application-delivery-management

Page | 7