CVE-2022-27518
Published: 13 December 2022
Summary
CVE-2022-27518 is a critical-severity Improper Control of a Resource Through its Lifetime (CWE-664) vulnerability in Citrix Application Delivery Controller Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 3.4% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2022-27518 is an unauthenticated remote arbitrary code execution vulnerability carrying a CVSS 3.1 score of 9.8. The affected component is Citrix Application Delivery Controller firmware, as documented in the vendor advisory CTX474995.
An attacker can exploit the flaw over the network without any credentials or user interaction, resulting in full compromise of confidentiality, integrity, and availability on the target system.
The Citrix support article CTX474995 and the CISA Known Exploited Vulnerabilities catalog both address the issue, directing administrators to available patches and remediation steps.
The vulnerability appears in the CISA catalog, confirming observed exploitation in the wild, while its EPSS score has held steady at its peak of 0.2769.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-32019
Vulnerability details
Unauthenticated remote arbitrary code execution
- CWE(s): CWE-664 (Improper Control of a Resource Through its Lifetime)
- KEV Date Added: 13 December 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SC-7 (Boundary Protection): directly blocks unauthenticated network access to exposed Citrix management/VPN interfaces before exploitation can occur.
- SI-2 (Flaw Remediation): requires prompt application of vendor patches that eliminate the unauthenticated RCE flaw.
- Enforces authorization, encryption, and monitoring requirements for all remote connections to the affected appliances.