Vulnerability Details CVE-2022-27518
Unauthenticated remote arbitrary code execution
Exploit prediction scoring system (EPSS) score
EPSS Score 0.112
EPSS Ranking 93.1%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator.
Ransomware Campaign
Unknown
References
Products affected by CVE-2022-27518
-
cpe:2.3:h:citrix:application_delivery_controller:-
-
cpe:2.3:h:citrix:gateway:-
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1-55.238
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1-55.291
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1-57.18
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1-58.15
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1-61.18
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1-62.23
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1-62.27
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:13.0
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:13.0-58.30
-
cpe:2.3:o:citrix:gateway_firmware:12.1
-
cpe:2.3:o:citrix:gateway_firmware:13.0
-
cpe:2.3:o:citrix:gateway_firmware:13.0-58.30