Citrix patches a “nasty bug” in its Application Delivery Management solution that is difficult to exploit.

CVE-2022-27511, CVE-2022-27512: Patches for Two Citrix Application Delivery Management Vulnerabilities

Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted.

Multiple vulnerabilities exist in Citrix Application Delivery Management (ADM) 13.0 prior to 13.0-85.19 and 13.1 prior to 13.1-21.53. An unauthenticated, remote attacker can exploit this to reset the administrator password and gain administrative access to the appliance.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

CVE-2022-27511

high

Tenable Plugins

high