An unauthenticated remote code execution flaw (CVE-2022-27518) is being leveraged by a Chinese state-sponsored group to compromise Citrix Application Delivery Controller (ADC) deployments, the US National Security Agency has warned.

“Targeting Citrix ADCs can facilitate illegitimate access to targeted organizations by bypassing normal authentication controls.”

About CVE-2022-27518

CVE-2022-27518 stems from the vulnerable devices’ software failing to maintain control over a resource throughout its lifetime (creation, use, and release) and gives remote attackers the opportunity to …

The post State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518) appeared first on Help Net Security.