clayton@site:~/news$ cat cve-2022-27518-citrix-application-delivery-controller-adc-and-gateway.log

CVE-2022-27518 — Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability

2022-12-13 • CISA Known Exploited Vulnerability

[event] Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator.

> AFFECTED SOFTWARE

Field	Value
Vendor	Citrix
Product	Application Delivery Controller (ADC) and Gateway
CWE	CWE-664
CVE ID	CVE-2022-27518
Date Added	2022-12-13
Due Date	2023-01-03
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2023-01-03

> REFERENCES

[1] https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-f...
[2] https://nvd.nist.gov/vuln/detail/CVE-2022-27518