Very High
CVE-2022-27518
Description
Unauthenticated remote arbitrary code execution
Ratings
- Attacker Value: Very High
- Exploitability: Medium
Technical Analysis
Lots of advanced-ish threat notifications this week… Citrix published a security advisory and a companion blog on this zero-day bug today, noting that it’s been exploited in the wild. The NSA also released information about APT 5 targeting Citrix ADC installations; their bulletin includes threat intel.
ADC is always a nice target, and often hangs out on the internet. Leaving “Exploitability” as a medium for now since there’s not a ton on the vuln itself, other than that it’s SAML-related. I’d expect more vuln details out on this one shortly, and probably a rise in exploitation—just in time for the holidays.
CVSS V3 Severity and Metrics
General Information
Vendors
- citrix
Products
- application delivery controller firmware
- gateway firmware
Exploited in the Wild
- Vendor Advisory (https://support.citrix.com/article/CTX474995/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227518)
- Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)