Citrix released fixes for three vulnerabilities affecting its Gateway and ADC products on Tuesday, including one of critical severity. Citrix Gateway is an SSL VPN solution that offers single sign-on across applications and devices. It is widely used across on-premises and cloud environments.
Citrix ADC (previously NetScaler ADC) is an application delivery and load balancing solution that provides visibility into applications across various cloud environments. According to Citrix, the recently discovered flaws could be exploited to bypass authentication (CVE-2022-27510, CVSS score of 9.8), to launch a phishing attack that results in remote desktop takeover (CVE-2022-27513, CVSS score of 8.3), and to get around brute-force defenses (CVE-2022-27516, CVSS score of 5.3).