Issued: Tuesday, 21 June, 2022
Last Revision: Tuesday, 21 June, 2022
Vendor: Citrix
Product: Citrix ADM
Severity Level:
Multiple security vulnerabilities have been found in Citrix ADM, a web-based management tool for Citrix deployments. The most serious of these flaws could allow an unauthenticated attacker to reset the administrator password. That vulnerability, CVE-2022-27511, could allow a remote, unauthenticated user to take control of the system: the administrator password could be reset on the next device reboot, after which an attacker with SSH access could log on to the device using the default administrator credentials. The other vulnerability, CVE-2022-27512, could temporarily disrupt the ADM license service, which would stop Citrix ADM from issuing or renewing licenses. To minimise the risk of these vulnerabilities being exploited, Citrix strongly advises that network traffic to the Citrix ADM IP address be separated, logically or physically, from standard network traffic.
Affected Products

| CVE/Vulnerability | Affected Product(s) |
|---|---|
| CVE-2022-27511, CVE-2022-27512 | Citrix ADM 13.1 before 13.1-21.53; Citrix ADM 13.0 before 13.0-85.19 |
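The affected ranges above are expressed as "branch before fixed build", so an inventory check has to parse the Citrix ADM build string and compare numerically within a branch. The following is an added example, not Citrix's own tooling; it assumes the "<major>.<minor>-<build>.<rev>" form seen in the table (e.g. "13.1-21.53") and that builds within a branch compare as numeric pairs. The hostnames and the 12.1 build in the sample inventory are constructed.

```python
"""Check whether a Citrix ADM build string falls in the affected ranges
listed in the advisory for CVE-2022-27511 / CVE-2022-27512.

Build strings are assumed to use the form "<major>.<minor>-<build>.<rev>",
e.g. "13.1-21.53". Fixed builds per the advisory: 13.1-21.53 and 13.0-85.19.
"""
import re
from typing import Optional, Tuple

# Fixed builds from the advisory's Affected Products table, keyed by release branch.
FIXED_BUILDS = {
    (13, 1): (21, 53),
    (13, 0): (85, 19),
}

_BUILD_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_build(version: str) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Split "13.1-21.53" into branch (13, 1) and build (21, 53).

    Numeric comparison matters: build 85.19 is newer than 85.9, which a
    plain string comparison would get wrong.
    """
    m = _BUILD_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Citrix ADM build string: {version!r}")
    major, minor, build, rev = (int(g) for g in m.groups())
    return (major, minor), (build, rev)


def is_affected(version: str) -> Optional[bool]:
    """True if the build is in an affected range, False if it carries the fix,
    None if the branch is not covered by this advisory (no verdict possible)."""
    branch, build = parse_build(version)
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return None
    return build < fixed


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and the 12.1 build are placeholders.
    inventory = {"adm-01": "13.1-21.53", "adm-02": "13.0-84.11",
                 "adm-03": "13.1-9.60", "adm-04": "12.1-65.35"}
    for host, ver in inventory.items():
        verdict = {True: "AFFECTED", False: "fixed", None: "not covered"}[is_affected(ver)]
        print(f"{host}: {ver} -> {verdict}")
```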
Vulnerability Details

| CVE/Vulnerability | Description | CVSS v3.0 Score |
|---|---|---|
| CVE-2022-27511 | Improper Access Control | 8.1 |
| CVE-2022-27512 | Improper Control of a Resource Through its Lifetime | 5.3 |
