Thousands of Citrix servers exposed to patched critical bugs


Citrix ADC and Gateway endpoints are still vulnerable to two critical flaws the company patched weeks ago, researchers claim.
Two critical vulnerabilities tracked as CVE-2022-27510 and CVE-2022-27518 still affect thousands of Citrix Application Delivery Controller (ADC) and Gateway devices, NCC Group’s Fox IT team said in a blog post.
The first vulnerability, CVE-2022-27510, is an authentication bypass flaw the vendor patched on November 8. The second, CVE-2022-27518, is a remote code execution (RCE) vulnerability Citrix fixed in mid-December.
Both vulnerabilities pose severe security risks. According to the National Security Agency (NSA), the vulnerabilities were exploited in the wild by the China-linked advanced persistent threat (APT) group Manganese (APT5).
While Citrix released patches for both flaws, the Fox IT team found that many devices remain exposed. Data collected as late as December 28 show that close to 4k internet-facing devices are vulnerable to the arbitrary RCE flaw. Many machines are still vulnerable to both critical flaws.
Even though there are still many vulnerable devices, researchers claim that many countries were quick to fix the issue. Data from countries where Citrix ADC and Gateway servers are used most often show a sharp drop in vulnerable devices after the NSA and Citrix released advisories.