PT-2022-6073 · Citrix · Citrix Gateway+1

Published: 2022-11-08 · Updated: 2023-10-18 · CVE-2022-27513

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Citrix ADC (formerly Citrix NetScaler Application Delivery Controller) versions (affected versions not specified)
Citrix Gateway (formerly Citrix NetScaler Gateway) versions (affected versions not specified)

Description

The issue is related to insufficient authentication data validation in the Citrix ADC and Citrix Gateway systems. This can allow a remote attacker to gain access to the gateway when it is configured in RDP proxy mode. The vulnerability can be exploited via remote desktop takeover using phishing.

Recommendations

For Citrix ADC, consider restricting access to the RDP proxy mode until a fix is available. For Citrix Gateway, restrict access to the gateway when it is configured in RDP proxy mode to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

BDU:2023-00008
CVE-2022-27513

Affected Products

Citrix ADC
Citrix Gateway