overview

Citrix 

This week, Citrix issued patches for three vulnerabilities impacting their Gateway and ADC products. According to Citrix, the vulnerabilities (CVE-2022- 27510, CVE-2022-27513, and CVE-2022-27516) could allow an attacker to bypass authentication and launch a phishing attack, leading to remote desktop takeover. They could also bypass brute force protection. 

Appliances configured as a VPN are the most vulnerable to attacks. CVE-2022-27510 has a CVSS score of 9.8 and is critical, impacting appliances operating as a gateway (appliances using the SSL VPN functionality or deployed as an ICA proxy with authentication enabled). The following supported versions of Citrix ADC and Citrix Gateway are affected by the flaws:  

  • Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47  
  • Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12  
  • Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21 
  • Citrix ADC 12.1-FIPS before 12.1-55.289  
  • Citrix ADC 12.1-NDcPP before 12.1-55.289 

Please note that all versions prior to 12 are end-of-life and users should upgrade to a supported version. Citrix’s advisory stated that they are currently notifying customers and channel partners about the security issue through the publication of their security bulletin on the Citrix Knowledge Center 

 

VMware  

VMware also warned customers about three critical vulnerabilities this week. CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687 impact VMware’s Workspace ONE Assist solution and have a CVSS score of 9.8.  

The vulnerabilities are authentication bypass flaws and could allow an attacker with network access to VMware’s Workspace ONE to gain administrative access without being required to authenticate to the application.  

Workspace ONE Assist is primarily used by tech support to troubleshoot IT issues for employees. The software operates with the highest levels of privilege. If threat actors are able to use Workspace ONE Assist as an initial access point, it could be devastating for organizations. VMware recommends that all users update to Workspace ONE Assist 22.10 as soon as possible.  

 

 

How Avertium is Protecting Our CUSTOMERS

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. 
  • Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is great than the sum of its parts. 
  • Minimizing the impact of a successful ransomware attack requires detecting it as early in the attack as possible. A Security Information and Event Management (SIEM) system can help an organization to accomplish this. Avertium offers a comprehensive SIEM-based approach that increases the potential for detecting a ransomware infection before it deploys. SIEM provides a holistic overview of a company’s IT environment from a single point of view in terms of its specific security events, empowering teams to detect and analyze unusual behavior. 

 

 

Avertium's recommendations    

  • Avertium recommends that you follow the patching guidelines for CVE-2022-27510, CVE-2022-27513, and CVE-2022-27516. You can find the guidelines here. 
  • Avertium recommends that you follow the patching guidelines for CVE-2022-31685, CVE-2022-31686, and CVE-31687. You can find the guidelines here 

 

 

INDICATORS OF COMPROMISE (IOCS):

At this time, there are no known IoCs associated with the above vulnerabilities. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   


 

 

SUPPORTING DOCUMENTATION

Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516 

Patch ASAP: Critical Citrix, VMware Bugs Threaten Remote Workspaces With Takeover (darkreading.com) 

VMSA-2022-0028 (vmware.com) 

Citrix Patches Critical Vulnerability in Gateway, ADC | SecurityWeek.Com 

VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software (thehackernews.com) 

 

 

 

 

Related Resource:  OpenSSL Project - Two High Severity Vulnerabilities

Chat With One of Our Experts



Citrix Gateway vulnerability Citrix VMWare vulnerability Citrix ADC vulnerability Flash Notice VMware Blog