This Alert is relevant to organisations who deploy and maintain configurations for Citrix appliances to facilitate remote access for their users. The Alert is intended to be understood by slightly more technical users who maintain systems – there is no action for the end users to take.
Background / What has happened?
The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) is aware of a critical vulnerability (CVE-2022-27518) affecting many versions of Citrix Gateway and ADC.
Citrix ADC are widely used by organisations to provide remote desktop services to remote users, including allowing users to work from home.
Exploitation of the vulnerability could allow a malicious actor to perform remote code execution against hosts running the affected versions of Citrix.
The (ASD's ACSC) is aware the vulnerability may have been exploited in the wild. The (ASD's ACSC) is not aware of successful exploitation attempts against Australian organisations.
Affected Australian organisations should investigate for signs of compromise.
Mitigation / How do I stay secure?
Australian organisations that use Citrix Gateway or ADC should install the latest updated versions, read Citrix Security Bulletin CTX474995 and take the recommended actions.
- The Security Bulletin published by Citrix is available at: https://support.citrix.com/article/CTX474995/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227518
- A Cybersecurity Advisory has also been published by the United States’ National Security Agency (NSA), which is available at: https://www.nsa.gov/Press-Room/Cybersecurity-Advisories-Guidance/
Assistance/Where can I go for help?
The (ASD's ACSC) is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).